Reflected XSS in WC MyParcel Belgium by Richard Perdaan
CVE-2025-48279

7.1HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
9 June 2025

What is CVE-2025-48279?

The WC MyParcel Belgium plugin, developed by Richard Perdaan, contains a vulnerability that allows for reflected Cross-site Scripting (XSS). This issue arises from improper neutralization of user input during web page generation. Attackers could leverage this flaw to execute arbitrary JavaScript code in the context of logged-in users, potentially leading to account takeover or exposure of sensitive information. Specifically, it affects versions 4.5.5 through beta, presenting a significant risk to website owners and users alike.

Affected Version(s)

WC MyParcel Belgium 4.5.5

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ryan Novotny (Patchstack Alliance)
.