Cross-site Scripting Vulnerability in WooCommerce Registration Fields Plugin by Extendons
CVE-2025-49947
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 22 October 2025
What is CVE-2025-49947?
An input validation flaw exists in the Extendons WooCommerce Registration Fields Plugin - Custom Signup Fields which may allow attackers to exploit reflected cross-site scripting (XSS) vulnerabilities. This weakness enables attackers to inject malicious scripts into web pages viewed by users, potentially compromising sensitive data or sessions. Users of versions up to 3.2.3 should apply necessary updates to mitigate these security risks.
Affected Version(s)
WooCommerce Registration Fields Plugin - Custom Signup Fields <= n/a