CVE-2025-5285 – WooCommerce Stored Cross-Site Scripting Vulnerability

May 31, 2025

CVE ID : CVE-2025-5285

Published : May 31, 2025, 7:15 a.m. | 2 hours, 27 minutes ago

Description : The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5292 – Elementor Element Pack Addons Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4607 – “PSW Front-end Login & Registration WordPress Privilege Escalation”

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-5285 – WooCommerce Stored Cross-Site Scripting Vulnerability

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure

What are AI Agents? Demystifying Autonomous Software with a Human Touch

CVE-2025-4977 – Netgear DGND3700 Cross-Site Scripting Vulnerability

GootLoader Malware Evades Detection Through Complicated Loops and Time-Based Delays

$800 million and 13 years later, here’s how you can play one of the world’s most expensive PC games for free

Managing MongoDB’s DevOps Tools & SOA Programs

Meta AI Researchers Introduce Mixture-of-Transformers (MoT): A Sparse Multi-Modal Transformer Architecture that Significantly Reduces Pretraining Computational Costs

Tariff war has tech buyers wondering what’s next. Here’s what we know

CVE-2025-5285 – WooCommerce Stored Cross-Site Scripting Vulnerability

Related Posts