Cross-site Scripting Vulnerability in Lehel Mátyus Legal Terms Popup for WooCommerce
CVE-2025-47592
5.9 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 7 May 2025
Summary
A vulnerability has been identified in the Lehel Mátyus Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL plugin that allows for cross-site scripting (XSS). This issue arises from improper neutralization of user input during web page generation, enabling attackers to inject malicious scripts. When exploited, this stored XSS vulnerability can compromise user data and lead to unauthorized actions within the affected web application. Users of versions prior to 2.0.3 should take immediate measures to secure their sites.
Affected Version(s)
Legal Terms and Conditions Popup for User Login and WooCommerce Checkout – TPUL <= 2.0.3
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nabil Irawan (Patchstack Alliance)