Cross-Site Scripting Vulnerability in CrocoBlock JetWooBuilder Plugin
CVE-2025-49927
6.5MEDIUM
What is CVE-2025-49927?
The JetWooBuilder plugin by CrocoBlock is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This issue arises due to improper neutralization of user input during web page generation, allowing attackers to execute arbitrary scripts in a user's browser session. As a result, sensitive data may be exposed or user accounts compromised. Users of JetWooBuilder versions from n/a through 2.1.20.1 should implement timely updates to mitigate this risk.
Affected Version(s)
JetWooBuilder <= n/a