Cross-site Scripting Vulnerability in Spring Devs Pre Order Addon for WooCommerce
CVE-2025-26553
Currently unrated
What is CVE-2025-26553?
A vulnerability in the Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin allows for reflected Cross-site Scripting (XSS) attacks. This occurs due to improper neutralization of input during web page generation, potentially enabling attackers to inject malicious scripts into web pages viewed by users. The vulnerability affects versions of the plugin from n/a to 2.2, exposing users to potential security risks if not properly mitigated.
References
Timeline
Vulnerability published