Code Injection Vulnerability in Stockie Extra Plugin by Colabrio
CVE-2025-64225

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 18 December 2025

What is CVE-2025-64225?

The Stockie Extra plugin developed by Colabrio improperly neutralizes script-related HTML tags. This flaw allows code injection attacks, which can be exploited to execute arbitrary code within the context of the web application. Versions up to and including 1.2.11 are susceptible. Website owners using this plugin should act immediately to mitigate the risks associated with this vulnerability, to protect user data and maintain the integrity of their sites.

Affected Version(s)

Stockie Extra <= 1.2.11

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds | Patchstack Bug Bounty Program