Reflected Cross-Site Scripting Vulnerability in Etsy Shop WordPress Plugin
CVE-2025-9115
Currently unrated
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-9115?
The Etsy Shop WordPress plugin, prior to version 3.0.7, is susceptible to a vulnerability that fails to properly escape the $_SERVER['REQUEST_URI'] parameter. This oversight allows attackers to inject malicious scripts into user sessions through reflected cross-site scripting (XSS) attacks, especially in older web browsers. This vulnerability can compromise user data and hijack sessions, highlighting the importance of applying the latest updates to mitigate potential threats.
Affected Version(s)
Etsy Shop 0 < 3.0.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.