Cross-Site Scripting Vulnerability in SMS Alert Order Notifications for WooCommerce
CVE-2025-26984
6.1 MEDIUM
Key Information:
- Vendor: Cozy Vision
- Product: Sms Alert Order Notifications – WooCommerce
- CVE Published: 3 March 2025
Summary
The SMS Alert Order Notifications plugin for WooCommerce is vulnerable to reflected Cross-Site Scripting (XSS) caused by improper neutralization of input during web page generation. Attackers might exploit this vulnerability to inject malicious scripts, potentially compromising users' sensitive information and overall website security. All versions up to and including 3.7.8 are affected, so users should ensure they are running the latest patched version to mitigate this risk.
Affected Version(s)
SMS Alert Order Notifications – WooCommerce <= 3.7.8
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Hakiduck (Patchstack Alliance)