Reflected Cross-Site Scripting Vulnerability in WP Shopify Plugin
CVE-2025-7808

Currently unrated

Key Information:

Vendor: WordPress
Status: WP Shopify
Vendor: CVE Published:; 14 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-7808?

The WP Shopify plugin for WordPress prior to version 1.5.4 contains a vulnerability that allows reflected cross-site scripting (XSS). This issue arises from the failure to properly sanitize and escape a parameter before rendering it on the webpage. As a result, attackers could exploit this vulnerability, particularly targeting users with elevated privileges, such as administrators. Successful exploitation may allow an attacker to execute malicious scripts in the context of a victim's browser session.

Affected Version(s)

WP Shopify 0 < 1.5.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-7808 - Proof of Concept

References

https://wpscan.com/vulnerability/fa199423-6526-47f6-bab5-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 14, 2025
👾
Exploit known to exist
Aug 14, 2025
Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Bob Matyas

WPScan