Code Injection Vulnerability in Dynamic Pricing Plugin for WooCommerce by Acowebs
CVE-2025-47588

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Dynamic Pricing With Discount Rules For WooCommerce
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-47588?

An improper control of code generation vulnerability exists in Acowebs' Dynamic Pricing With Discount Rules plugin for WooCommerce. This flaw allows an attacker to inject malicious code, posing a significant security risk. The vulnerability impacts versions of the plugin up to 4.5.9, thus necessitating immediate attention to secure the application against potential exploits.

Affected Version(s)

Dynamic Pricing With Discount Rules for WooCommerce <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/aco-...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
May 7, 2025

Credit

tratt | Patchstack Bug Bounty Program

JSON

WordPress

What is CVE-2025-47588?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit