Skip to main content

Bopo Woocommerce Product Bundle Builder

1 CVEs product

Monthly

CVE-2026-57422 HIGH This Week

Reflected cross-site scripting in the VillaTheme Bopo - WooCommerce Product Bundle Builder plugin for WordPress affects all versions up to and including 1.2.0, letting unauthenticated attackers inject script into a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C) reflects a scope change, meaning injected script executes in the WordPress site's security context and can target logged-in administrators. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but reflected XSS in WooCommerce plugins is a well-understood and easily weaponized class.

XSS WordPress Bopo Woocommerce Product Bundle Builder
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the VillaTheme Bopo - WooCommerce Product Bundle Builder plugin for WordPress affects all versions up to and including 1.2.0, letting unauthenticated attackers inject script into a victim's browser session when the victim clicks a crafted link. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C) reflects a scope change, meaning injected script executes in the WordPress site's security context and can target logged-in administrators. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but reflected XSS in WooCommerce plugins is a well-understood and easily weaponized class.

XSS WordPress Bopo Woocommerce Product Bundle Builder
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy