cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2025-49042

CVE, Research URL

CVE-2025-49042

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Oct 29, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.
Affected versions
max 10.0.2.
Status
vulnerable
Previous vulnerability researches
CM WordPress FAQ Plugin – Accordion FAQ Solution (CVE-2025-24758) , Feb 19, 2025
CM WordPress FAQ Plugin – Accordion FAQ Solution (CVE-2025-2166) , Mar 15, 2025
New vulnerability
WP 2FA – Two-factor authentication for WordPress (CVE-2025-12628) , Dec 09, 2025
WooCommerce (CVE-2025-49042) , Dec 09, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-13054) , Dec 04, 2025
Visualizer: Tables and Charts Manager for WordPress (CVE-2025-12483) , Dec 04, 2025
Orbit Fox by ThemeIsle (CVE-2025-12045) , Dec 04, 2025