CVE-2025-26762 — Cross-site Scripting in Woocommerce

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 83.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Automattic Woocommerce

Timeline

PublishedMar 27

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through <= 9.7.0.

Affected Packages1 packages

▶CVEListV5automattic/woocommerce9.7.0

🔴Vulnerability Details

GHSA

GHSA-mp89-pxjh-mww8: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS↗2025-03-27

▶

CVEList

WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability↗2025-03-27

▶