Stored Cross-Site Scripting in Dynamic AJAX Product Filters for WooCommerce
CVE-2025-6255
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 28 August 2025
What is CVE-2025-6255?
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress has a vulnerability that allows authenticated attackers to perform Stored Cross-Site Scripting (XSS) via the āclassNameā parameter. This issue arises from inadequate input sanitization and output escaping in all versions up to and including 1.3.7. With Contributor-level access or higher, an attacker can inject deceptive web scripts, which can then execute whenever a user visits a compromised page, posing a significant threat to user session security and site reliability.
Affected Version(s)
Dynamic AJAX Product Filters for WooCommerce * <= 1.3.7