CVE-2025-39446 — Cross-site Scripting in LLC Booster Plus FOR Woocommerce

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA7.1

EPSS

0.2%

top 62.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pluggabl LLC Booster Plus FOR Woocommerce Booster FOR Woocommerce

Timeline

PublishedMay 19

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows Reflected XSS.This issue affects Booster Plus for WooCommerce: from n/a through 7.2.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5pluggabl_llc/booster_plus_for_woocommercen/a — 7.2.4

▶NVDbooster/booster7.2.4

🔴Vulnerability Details

CVEList

WordPress Booster Plus for WooCommerce plugin <= 7.2.4 - Reflected Cross Site Scripting (XSS) vulnerability↗2025-05-19

▶

GHSA

GHSA-2gj6-8x44-7f5c: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl LLC Booster Plus for WooCommerce allows↗2025-05-19

▶