5 matches found
CVE-2025-5285
creationtimestamp| type| source ---|---|--- 2025-05-31 07:12:07+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqh6ziybx7d2 2025-05-31 11:52:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqhopnjuiu2m...
CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter
The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5285 Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter
The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-5285
CVE-2025-5285 targets the WordPress plugin Product Subtitle for WooCommerce. The vulnerability is a Stored Cross-Site Scripting via the htmlTag parameter in all versions up to and including 1.3.9, exploitable by authenticated users with Contributor-level access and above to inject scripts on page...
WordPress Product Subtitle for WooCommerce plugin <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via htmlTag Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Product Subtitle for WooCommerce versions = 1.3.9...