cleantalk
Vulnerabilities and Security Researches

Laposta WooCommerce, CVE-2025-49434

CVE, Research URL

CVE-2025-49434

Home page URL

Security reports for Laposta WooCommerce

Application

Laposta WooCommerce

Published on
Aug 20, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stijnvanderree Laposta WooCommerce allows Stored XSS. This issue affects Laposta WooCommerce: from n/a through 1.9.1.
Affected versions
Min -, max 1.9.1.
Status
vulnerable
Previous vulnerability researches
Jenga Payment Gateway for WooCommerce (CVE-2025-49432) , Aug 20, 2025
New vulnerability
Themify Builder (CVE-2025-49396) , Aug 23, 2025
NEX-Forms – Ultimate Form Builder – Contact forms and much more (CVE-2025-49399) , Aug 22, 2025
iFrame Block (CVE-2025-49411) , Aug 22, 2025
The Plus Blocks for Block Editor | Gutenberg (CVE-2025-8567) , Aug 22, 2025
WP Visitor Statistics (Real Time Traffic) (CVE-2025-49400) , Aug 22, 2025