Reflected XSS in WC MyParcel Belgium by Richard Perdaan
CVE-2025-48279
7.1HIGH
What is CVE-2025-48279?
The WC MyParcel Belgium plugin, developed by Richard Perdaan, contains a vulnerability that allows for reflected Cross-site Scripting (XSS). This issue arises from improper neutralization of user input during web page generation. Attackers could leverage this flaw to execute arbitrary JavaScript code in the context of logged-in users, potentially leading to account takeover or exposure of sensitive information. Specifically, it affects versions 4.5.5 through beta, presenting a significant risk to website owners and users alike.
Affected Version(s)
WC MyParcel Belgium 4.5.5