How to fix CVE-2025-47487?

Within 24 hours: Identify all WordPress instances using MC Woocommerce Wishlist plugin and document affected versions. Within 7 days: Implement WAF rules to detect and block XSS payloads targeting the vulnerable parameter; disable the wishlist feature if not business-critical pending patch availability. Within 30 days: Monitor vendor advisories for patch release; prepare deployment procedures and test in staging environment before production rollout.

Is PHP affected by CVE-2025-47487?

A reflected cross-site scripting (XSS) vulnerability in the MC Woocommerce Wishlist plugin (versions up to 1.9.1) could allow attackers to inject malicious scripts that execute in customer browsers, potentially compromising user sessions, stealing credentials, or redirecting customers to fraudulent…

CVE-2025-47487

EUVD-2025-17517 HIGH

2025-06-09 [email protected]

WordPress XSS PHP

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17517

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

CVE Published

Jun 09, 2025 - 16:15 nvd

HIGH 7.1

DescriptionNVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.

AnalysisAI

A remote code execution vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS (CVSS 7.1). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-79 (Cross-site Scripting). CVSS 7.1 indicates high severity. Affects moreconvert MC Woocommerce Wishlist allows Reflected XSS.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-47487 vulnerability details – vuln.today

Back