Armis Vulnerability Intelligence Database

Description Preview

The Official CleverReach Plugin for WooCommerce, versions up to and including 3.4.3, is affected by a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability, identified as CVE-2025-32241, allows an attacker to trick a victim into performing actions they did not intend to do. The attacker can forge a request in the context of the victim's session, leading to unauthorized changes in settings. The vulnerability has a CVSS v3.1 base score of 6.5, indicating a medium severity level. The attack can be executed over the network with low complexity and does not require user interaction or privileges.

Overview

The Official CleverReach Plugin for WooCommerce is a popular plugin used for email marketing. The vulnerability lies in the plugin's inability to properly validate requests, making it susceptible to CSRF attacks. This vulnerability affects all versions up to and including 3.4.3. The vulnerability was discovered externally and published by Patchstack.

Remediation

Users of the Official CleverReach Plugin for WooCommerce are advised to update to the latest version of the plugin, which includes a fix for this vulnerability. If updating is not immediately possible, users should consider disabling the plugin until an update can be applied.

References

For more information about this vulnerability, please refer to the following resources:

CVE-2025-32241: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32241
Patchstack vulnerability database: https://patchstack.com/database/wordpress/plugin/cleverreach-wc/vulnerability/wordpress-official-cleverreach-woocommerce-integration-plugin-3-4-3-csrf-to-settings-change-vulnerability?_s_id=cve

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Health Care & Social Assistance
Health Care & Social Assistance
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Manufacturing
Manufacturing
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Utilities
Utilities
Wholesale Trade
Wholesale Trade

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!