CVE-2025-47455: WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability

4.7 CVSS

Description

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce allows Phishing. This issue affects Integration for WooCommerce and Salesforce: from n/a through 1.7.5.

Classification

CVE ID: CVE-2025-47455

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.7

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Problem Types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Affected Products

Vendor: CRM Perks

Product: Integration for WooCommerce and Salesforce

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.33% (scored less or equal to compared to others)

EPSS Date: 2025-05-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-47455
https://patchstack.com/database/wordpress/plugin/woo-salesforce-plugin-crm-perks/vulnerability/wordpress-integration-for-woocommerce-and-salesforce-1-7-5-open-redirection-vulnerability?_s_id=cve

Timeline

2025-05-07 15:40:11 UTC
CVE

WordPress Integration for WooCommerce and Salesforce <= 1.7.5 - Open Redirection Vulnerability