Stored XSS Vulnerability in WooCommerce by Automattic
CVE-2025-49042
What is CVE-2025-49042?
A vulnerability affecting WooCommerce, developed by Automattic, allows for stored cross-site scripting (XSS) attacks. This flaw can enable attackers to inject malicious scripts into web pages viewed by other users, potentially compromising user sessions, defacing web content, or redirecting users to harmful sites. The problem arises due to improper neutralization of user input during page generation, making it crucial for site administrators to update to the latest version to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WooCommerce <= 10.0.2
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved