CVE-2025-14298

CVE-2025-14298 (FiboSearch – Ajax Search for WooCommerce) stores cross-site scripting via thegem_te_search shortcode in all versions up to 1.32.0. Exploitation requires TheGem Theme (premium) with Header Builder mode and FiboSearch’s "Replace search bars" option enabled for TheGem integration. Th...