CVE Details
Basic Information
| Title | CVE-2025-48248 |
|---|---|
| Type | cve |
| Published | 2025-05-19T15:15:27 |
| Last Seen | 2025-05-19T15:18:34 |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | LOW |
| Integrity Impact | LOW |
| Availability Impact | LOW |
AI Analysis
| AI Description | A stored XSS vulnerability in the Sitewide Discount for WooCommerce plugin allows attackers to inject malicious scripts. This can lead to unauthorized actions on behalf of users. The issue is related to improper input neutralization during web page generation. |
|---|---|
| AI Severity | Medium |
| Vendor | WordPress Community |
| Product | Sitewide Discount for WooCommerce |
| Affected Version |
Additional Information
| CVE List | CVE-2025-48248 |
|---|---|
| CWE List | CWE-79 |
| Bulletin Family | cve |
Description
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products allows Stored XSS. This issue affects Sitewide Discount for WooCommerce:…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)