Cross-site Scripting Vulnerability in Themeisle PPOM for WooCommerce
CVE-2025-24668

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Ppom For WooCommerce
Vendor: CVE Published:; 24 January 2025

Summary

A Cross-site Scripting (XSS) vulnerability in the Themeisle PPOM for WooCommerce plugin enables attackers to inject malicious scripts into web pages. This flaw affects versions from n/a up to 33.0.8, allowing for stored XSS attacks that can compromise user sessions or data. Website operators using this plugin should take immediate action to secure their applications and prevent exploitation.

Affected Version(s)

PPOM for WooCommerce <= 33.0.8

References

https://patchstack.com/database/wordpress/plugin/woocomme...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

savphill (Patchstack Alliance)