Skip to main content

Sysbasics Customize My Account For Woocommerce Live My Account Customizer

1 CVEs product

Monthly

CVE-2026-15324 MEDIUM This Month

Stored Cross-Site Scripting in the SysBasics Customize My Account for WooCommerce plugin (all versions through 4.4.14) allows authenticated shop managers to persist malicious scripts via the unsanitized 'row_type' parameter, executing in any user's browser upon visiting the compromised My Account page. The CVSS scope change (S:C) confirms cross-user impact - injected scripts run in victim sessions, enabling session hijacking or credential theft beyond the attacker's own context. No public exploit code or CISA KEV listing is confirmed at time of analysis; risk is substantially gated by the shop manager privilege requirement.

WordPress XSS Sysbasics Customize My Account For Woocommerce Live My Account Customizer
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
EPSS 0% CVSS 4.4
MEDIUM This Month

Stored Cross-Site Scripting in the SysBasics Customize My Account for WooCommerce plugin (all versions through 4.4.14) allows authenticated shop managers to persist malicious scripts via the unsanitized 'row_type' parameter, executing in any user's browser upon visiting the compromised My Account page. The CVSS scope change (S:C) confirms cross-user impact - injected scripts run in victim sessions, enabling session hijacking or credential theft beyond the attacker's own context. No public exploit code or CISA KEV listing is confirmed at time of analysis; risk is substantially gated by the shop manager privilege requirement.

WordPress XSS Sysbasics Customize My Account For Woocommerce Live My Account Customizer
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy