Cross-Site Scripting Vulnerability in SpecFit-Virtual Try On by Dugudlabs
CVE-2025-23973
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 27 June 2025
What is CVE-2025-23973?
The SpecFit-Virtual Try On Woocommerce plugin by Dugudlabs is vulnerable to Cross-Site Scripting (XSS) attacks. This vulnerability arises when improper neutralization of user input occurs during the generation of web pages, allowing attackers to inject malicious scripts. This issue affects versions from the initial release up to 7.0.6, posing a risk of stored XSS, which can lead to severe consequences such as data theft and unauthorized access.
Affected Version(s)
SpecFit-Virtual Try On Woocommerce <= 7.0.6