Cross-Site Scripting Vulnerability in Quick View for WooCommerce by ShapedPlugin LLC
CVE-2025-58228

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Quick View For WooCommerce
Vendor
CVE Published:
22 September 2025

What is CVE-2025-58228?

The Quick View for WooCommerce plugin by ShapedPlugin LLC is susceptible to a Cross-Site Scripting (XSS) vulnerability that permits the storage of malicious scripts. This flaw arises from improper sanitization of user inputs during web page generation, potentially allowing attackers to inject harmful scripts that would execute in the context of a user's session. This vulnerability spans versions from n/a up to 2.2.16, posing a significant risk to user data and site integrity.

Affected Version(s)

Quick View for WooCommerce <= 2.2.16

References

https://patchstack.com/database/wordpress/plugin/woo-quic...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Prissy (Patchstack Alliance)
JSON
.
CVE-2025-58228 : Cross-Site Scripting Vulnerability in Quick View for WooCommerce by ShapedPlugin LLC