Reflected XSS Vulnerability in WP Swings Wallet System for WooCommerce
CVE-2025-32530

7.1HIGH

Key Information:

Vendor: WordPress
Status: Wallet System For WooCommerce
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-32530?

The Wallet System for WooCommerce by WP Swings is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises from improper handling of user input during web page generation, enabling an attacker to execute arbitrary scripts in the context of an affected user's session. Users leveraging vulnerable versions of the plugin, particularly from its initial release through version 2.6.5, are at risk. Prompt updates and implementations of proper input validation measures are essential to mitigate these security threats.

Affected Version(s)

Wallet System for WooCommerce <= 2.6.5

References

https://patchstack.com/database/wordpress/plugin/wallet-s...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)