cleantalk
Vulnerabilities and Security Researches

WC Return products, CVE-2025-59004

CVE, Research URL

CVE-2025-59004

Home page URL

Security reports for WC Return products

Application

WC Return products

Published on
Oct 22, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pco_58 WC Return products wc-return-product allows Reflected XSS.This issue affects WC Return products: from n/a through <= 1.5.
Affected versions
max 1.5.
Status
vulnerable
Previous vulnerability researches
qnotsquiz (CVE-2025-12016) , Nov 10, 2025
New vulnerability
YourMembership Single Sign On – YM SSO Login (CVE-2025-10648) , Nov 11, 2025
RealPress &#8211; Real Estate Plugin (CVE-2025-11191) , Nov 11, 2025
WSAnalytics &#8211; Google Analytics And Dashboards (CVE-2025-48097) , Nov 11, 2025
Blog2Social: Social Media Auto Post &amp; Scheduler (CVE-2025-12560) , Nov 11, 2025
Blog2Social: Social Media Auto Post &amp; Scheduler (CVE-2025-12563) , Nov 11, 2025