CVE-2025-49042Cross-site Scripting in Woocommerce

CWE-79Cross-site ScriptingCWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 90.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Automattic Woocommerce
Timeline
PublishedOct 29

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through <= 10.0.2.

Affected Packages1 packages

CVEListV5automattic/woocommerce10.0.2

🔴Vulnerability Details

2
GHSA
GHSA-rrvr-f37x-r3f9: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored2025-10-29
CVEList
WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability2025-10-29

📋Vendor Advisories

1
Red Hat
kernel: netfilter: nf_tables: reject duplicate device on updates2025-09-03
CVE-2025-49042 — Cross-site Scripting in Woocommerce | cvebase