cleantalk
Vulnerabilities and Security Researches

Additional Custom Emails for WooCommerce, CVE-2025-48251

CVE, Research URL

CVE-2025-48251

Home page URL

Security reports for Additional Custom Emails for WooCommerce

Application

Additional Custom Emails for WooCommerce

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce allows Stored XSS. This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a through 3.5.1.
Affected versions
Min -, max 3.5.2.
Status
vulnerable
Previous vulnerability researches
bunny.net – WordPress CDN Plugin (CVE-2024-31361) , Jun 07, 2024
bunny.net – WordPress CDN Plugin (CVE-2025-48236) , May 22, 2025
New vulnerability
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025
WP SMTP (CVE-2025-1123) , May 24, 2025
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
WP Image Mask (CVE-2025-48235) , May 23, 2025
TablePress – Tables in WordPress made easy (CVE-2025-5096) , May 23, 2025