Cross-site Scripting Vulnerability in SysBasics WooCommerce Customization Plugin

CVE-2025-24592

What is CVE-2025-24592?

The Customize My Account for WooCommerce plugin developed by SysBasics contains an input sanitization flaw that can be exploited to execute reflected Cross-site Scripting (XSS) attacks. This vulnerability affects versions n/a through 2.8.22, allowing attackers to inject malicious scripts into web pages viewed by users. If triggered, these scripts can hijack user sessions, redirect users to malicious sites, or perform actions on behalf of users without their consent, highlighting the need for prompt updates to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References