Cross-site Scripting Vulnerability in WPExperts.io License Manager for WooCommerce
CVE-2025-32522

7.1HIGH

Key Information:

Vendor

WordPress
Status
License Manager For WooCommerce
Vendor
CVE Published:
17 April 2025

What is CVE-2025-32522?

A Cross-site Scripting (XSS) vulnerability exists in WPExperts.io License Manager for WooCommerce, which facilitates the injection of malicious scripts when web pages are generated. This risk affects users running versions up to 3.0.9, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser session, potentially compromising user data and web application integrity.

Affected Version(s)

License Manager for WooCommerce 0 <= 3.0.9

References

https://patchstack.com/database/Wordpress/Plugin/license-...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis (Patchstack Alliance)
.