CVE-2025-47455: URL Redirection to Untrusted Site ('Open Redirect') in CRM Perks Integration for WooCommerce and Salesforce
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.
AI Analysis
Technical Summary
The CRM Perks Integration for WooCommerce and Salesforce plugin contains an Open Redirect vulnerability (CVE-2025-47455) that allows an attacker to redirect users to untrusted external URLs. This could be leveraged for phishing attacks by tricking users into visiting malicious sites. The vulnerability affects versions up to and including 1.7.5. The CVSS 3.1 base score is 4.7 (medium severity), with network attack vector, low attack complexity, no privileges required, user interaction required, and partial confidentiality impact. The product is a cloud-hosted service, and the vendor is responsible for patching and remediation.
Potential Impact
Successful exploitation can lead to users being redirected to malicious websites, increasing the risk of phishing attacks. There is no direct impact on system integrity or availability. Confidentiality impact is limited to potential disclosure of user navigation to untrusted sites. No known active exploits have been reported.
Mitigation Recommendations
A patch is available for this vulnerability. Since the product is a cloud-hosted service, the vendor manages remediation and typically applies patches server-side. Users and administrators should verify with the vendor advisory that the service is updated to a fixed version. No additional action is required if the vendor confirms mitigation.
CVE-2025-47455: URL Redirection to Untrusted Site ('Open Redirect') in CRM Perks Integration for WooCommerce and Salesforce
Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Salesforce woo-salesforce-plugin-crm-perks allows Phishing.This issue affects Integration for WooCommerce and Salesforce: from n/a through <= 1.7.5.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The CRM Perks Integration for WooCommerce and Salesforce plugin contains an Open Redirect vulnerability (CVE-2025-47455) that allows an attacker to redirect users to untrusted external URLs. This could be leveraged for phishing attacks by tricking users into visiting malicious sites. The vulnerability affects versions up to and including 1.7.5. The CVSS 3.1 base score is 4.7 (medium severity), with network attack vector, low attack complexity, no privileges required, user interaction required, and partial confidentiality impact. The product is a cloud-hosted service, and the vendor is responsible for patching and remediation.
Potential Impact
Successful exploitation can lead to users being redirected to malicious websites, increasing the risk of phishing attacks. There is no direct impact on system integrity or availability. Confidentiality impact is limited to potential disclosure of user navigation to untrusted sites. No known active exploits have been reported.
Mitigation Recommendations
A patch is available for this vulnerability. Since the product is a cloud-hosted service, the vendor manages remediation and typically applies patches server-side. Users and administrators should verify with the vendor advisory that the service is updated to a fixed version. No additional action is required if the vendor confirms mitigation.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-05-07T09:38:40.260Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
- Is Cloud Service
- true
Threat ID: 682d981ac4522896dcbd9490
Added to database: 5/21/2025, 9:08:42 AM
Last enriched: 5/1/2026, 2:09:22 PM
Last updated: 5/8/2026, 6:39:50 PM
Views: 68
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.