Cross-site Scripting Vulnerability in SysBasics WooCommerce Customization Plugin
CVE-2025-24592

7.1HIGH

Key Information:

Vendor: WordPress
Status: Customize My Account For WooCommerce
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-24592?

The Customize My Account for WooCommerce plugin developed by SysBasics contains an input sanitization flaw that can be exploited to execute reflected Cross-site Scripting (XSS) attacks. This vulnerability affects versions n/a through 2.8.22, allowing attackers to inject malicious scripts into web pages viewed by users. If triggered, these scripts can hijack user sessions, redirect users to malicious sites, or perform actions on behalf of users without their consent, highlighting the need for prompt updates to mitigate risks.

Affected Version(s)

Customize My Account for WooCommerce <= 2.8.22

References

https://patchstack.com/database/wordpress/plugin/customiz...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)