Skip to main content

Free Gifts For Woocommerce

1 CVEs product

Monthly

CVE-2026-57396 HIGH This Week

Stored cross-site scripting in the Flintop "Free Gifts for WooCommerce" WordPress plugin (all versions through 13.1.0) lets an attacker inject persistent JavaScript that executes in the browser of anyone viewing the affected page. Reported by Patchstack and tracked as CWE-79, it carries a CVSS 7.1 score driven by a changed scope (S:C), and has no public exploit identified at time of analysis. No CISA KEV listing or POC has been reported, so this is a disclosed-but-not-yet-weaponized web plugin flaw.

XSS WordPress Free Gifts For Woocommerce
NVD
CVSS 3.1
7.1
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH This Week

Stored cross-site scripting in the Flintop "Free Gifts for WooCommerce" WordPress plugin (all versions through 13.1.0) lets an attacker inject persistent JavaScript that executes in the browser of anyone viewing the affected page. Reported by Patchstack and tracked as CWE-79, it carries a CVSS 7.1 score driven by a changed scope (S:C), and has no public exploit identified at time of analysis. No CISA KEV listing or POC has been reported, so this is a disclosed-but-not-yet-weaponized web plugin flaw.

XSS WordPress Free Gifts For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy