Stored Cross-site Scripting Vulnerability in WooCommerce by Automattic
CVE-2025-26762

5.9MEDIUM

Key Information:

Vendor: Automattic
Status: WooCommerce
Vendor: CVE Published:; 27 March 2025

What is CVE-2025-26762?

An issue has been identified in WooCommerce, developed by Automattic, where improper neutralization of input during web page generation can lead to stored Cross-site Scripting (XSS). This vulnerability affects WooCommerce versions from n/a through 9.7.0, allowing potential attackers to inject malicious scripts that run in the context of users visiting the affected web pages. It is crucial for users and site administrators to update to the latest version and implement necessary security measures to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WooCommerce <= 9.7.0

References

https://patchstack.com/database/wordpress/plugin/woocomme...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

Savphill (Patchstack Alliance)

JSON

Automattic