Stored Cross-Site Scripting Vulnerability in SysBasics Customize My Account for WooCommerce Plugin
CVE-2026-15324
4.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 16 July 2026
What is CVE-2026-15324?
The SysBasics Customize My Account for WooCommerce plugin for WordPress is affected by a Stored Cross-Site Scripting vulnerability through the 'row_type' parameter. This issue arises from inadequate input sanitization and output escaping, enabling authenticated users with shop manager-level access or higher to inject arbitrary scripts. These malicious scripts execute whenever a user interacts with the compromised pages, posing a risk to site security and user data integrity.
Affected Version(s)
SysBasics Customize My Account for WooCommerce β Live My Account Customizer 0 <= 4.4.14