Cross-site Scripting Vulnerability in OneTeamSoftware WooCommerce Plugin
CVE-2025-24551

7.1HIGH

Key Information:

Vendor: WordPress
Status: Radio Buttons And Swatches For WooCommerce
Vendor: CVE Published:; 31 January 2025

Summary

A Cross-site Scripting (XSS) vulnerability has been identified in the OneTeamSoftware Radio Buttons and Swatches for WooCommerce plugin, allowing malicious actors to inject arbitrary JavaScript code into web pages viewed by other users. This vulnerability affects versions up to 1.1.20 of the plugin. Attackers can exploit this flaw through reflected XSS, compromising user sessions or redirecting users to malicious sites. Users of affected versions are advised to take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Radio Buttons and Swatches for WooCommerce <= 1.1.20

References

https://patchstack.com/database/wordpress/plugin/variatio...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Muhamad Agil Fachrian (Patchstack Alliance)