Cross-Site Scripting Vulnerability in WPFactory Cost of Goods for WooCommerce
CVE-2025-48240
6.5MEDIUM
What is CVE-2025-48240?
A Cross-Site Scripting (XSS) vulnerability exists in the WPFactory Cost of Goods for WooCommerce plugin. This security flaw facilitates the possibility of Stored XSS, allowing attackers to inject malicious scripts into web pages viewed by users. This vulnerability affects versions from n/a up to 3.7.0 of the plugin. It is crucial for website administrators who utilize this product to implement necessary patches to mitigate the risk of exploitation.
Affected Version(s)
Cost of Goods for WooCommerce <= 3.7.0