Reflected XSS Vulnerability in Woo Store Mode by Simonhunter
CVE-2025-23687
7.1 HIGH
Key Information:
- Vendor: Simonhunter
- Status
- Woo Store Mode
- Vendor
- CVE Published: 27 February 2025
Summary
A reflected XSS vulnerability exists in the Woo Store Mode plugin by Simonhunter, allowing attackers to inject malicious scripts through unsafe input processing during web page generation. This vulnerability affects versions 1.0.1 and earlier, posing a risk of executing harmful payloads on end-user browsers, potentially leading to session hijacking or data theft. It's essential for users and administrators to promptly address this issue to mitigate the risk of exploitation.
Affected Version(s)
Woo Store Mode <= 1.0.1
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)