CVE Details
Basic Information
| Title |
CVE-2025-5062 |
| Type |
cve |
| Published |
2025-05-22T04:16:22 |
| Last Seen |
2025-05-22T04:26:22 |
CVSS Information
| Base Score |
6.1 (MEDIUM) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
NONE |
| User Interaction |
REQUIRED |
| Scope |
CHANGED |
| Confidentiality Impact |
LOW |
| Integrity Impact |
LOW |
| Availability Impact |
NONE |
AI Analysis
| AI Description |
The WooCommerce plugin for WordPress is vulnerable to a PostMessage-based Cross-Site Scripting attack due to insufficient input sanitization and output escaping on the ‘customize-store’ page. This vulnerability affects all versions up to and including 9.4.2, potentially allowing attackers to inject malicious scripts. |
| AI Severity |
Medium |
| Vendor |
Automattic |
| Product |
WooCommerce |
| Affected Version |
<= 9.4.2 |
Additional Information
| CVE List |
CVE-2025-5062 |
| CWE List |
CWE-79 |
| Bulletin Family |
cve |
Description
The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This…
CVSS Score Summary
Base Score: %!f(string=#) (MEDIUM)
View Full CVE Details
