Skip to main content

Woocommerce Designer Pro

1 CVEs product

Monthly

CVE-2026-57329 MEDIUM This Month

Stored Cross-Site Scripting in WooCommerce Designer Pro (WordPress plugin) versions 1.9.34 and earlier allows authenticated subscribers to inject malicious scripts that execute in the browsers of other users, including administrators. The scope change (S:C in CVSS) indicates injected payloads can cross privilege boundaries, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the subscriber-level entry point lowers the bar for exploitation on any site permitting account registration.

WordPress XSS Woocommerce Designer Pro
NVD
CVSS 3.1
6.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Stored Cross-Site Scripting in WooCommerce Designer Pro (WordPress plugin) versions 1.9.34 and earlier allows authenticated subscribers to inject malicious scripts that execute in the browsers of other users, including administrators. The scope change (S:C in CVSS) indicates injected payloads can cross privilege boundaries, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit code and no CISA KEV listing have been identified at time of analysis, though the subscriber-level entry point lowers the bar for exploitation on any site permitting account registration.

WordPress XSS Woocommerce Designer Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy