Cross-Site Scripting Vulnerability in WooCommerce Photo Reviews by VillaTheme
CVE-2025-47570

7.1HIGH

Key Information:

Vendor

WordPress
Status
WooCommerce Photo Reviews
Vendor
CVE Published:
9 September 2025

What is CVE-2025-47570?

A Cross-Site Scripting (XSS) vulnerability exists in the WooCommerce Photo Reviews plugin by VillaTheme, which allows attackers to inject malicious scripts into web pages. This issue affects all versions of the plugin up to 1.3.13, posing a significant risk to users as it can result in unauthorized actions or data theft when exploited. Proper input sanitization and validation are crucial to mitigate this vulnerability and protect user data.

Affected Version(s)

WooCommerce Photo Reviews <= 1.3.13

References

https://patchstack.com/database/wordpress/plugin/woocomme...
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds (Patchstack Alliance)
.