CVE-2025-5530 – WPC Smart Compare for WooCommerce Stored Cross-Site Scripting Vulnerability

July 11, 2025

CVE ID : CVE-2025-5530

Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago

Description : The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘shortcode_btn’ shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6068 – FooGallery WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4593 – WordPress WP Register Profile With Shortcode Sensitive Information Exposure

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

Don’t waste the LAST 24 hours of Amazon Prime Day sales buying a MacBook — buy this much better Windows laptop instead!

This fantastic Xbox remake of a classic Atlus JRPG we gave a perfect review score to is now 49% cheaper — Don’t miss the deadline for this Amazon Prime Day deal, which ends today

HP’s discount on one of the most powerful gaming laptops on the planet is absolutely UNBEATABLE — but you only have a few hours to get one!

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

Don’t waste the LAST 24 hours of Amazon Prime Day sales buying a MacBook — buy this much better Windows laptop instead!

This fantastic Xbox remake of a classic Atlus JRPG we gave a perfect review score to is now 49% cheaper — Don’t miss the deadline for this Amazon Prime Day deal, which ends today

CVE-2025-5530 – WPC Smart Compare for WooCommerce Stored Cross-Site Scripting Vulnerability

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Ransomware reaches a record high, but payouts are dwindling

Ransomware attacks on critical infrastructure surge, reports FBI

Circana: Xbox may have finally seen some solid YoY hardware growth, both in units and retail sales

DolphinGemma: How Google AI is helping decode dolphin communication

Scalable and Principled Reward Modeling for LLMs: Enhancing Generalist Reward Models RMs with SPCT and Inference-Time Optimization

Windows 11 Search will soon let you install your favorite apps from Microsoft Store

CVE-2025-32788 – OctoPrint Authentication Bypass

CVE-2025-27358 – mndpsingh287 Frontend File Manager Basic XSS Vulnerability

CVE-2025-5530 – WPC Smart Compare for WooCommerce Stored Cross-Site Scripting Vulnerability

Related Posts