PT-2026-1052 · WordPress · Shopbuilder Wordpress Plugin

Gregory Allegoet

Publicado

2026-01-02

Atualizado

2026-01-02

CVE-2025-13456

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions ShopBuilder WordPress plugin versions prior to 3.2.2

Description The ShopBuilder WordPress plugin does not properly sanitize and escape a parameter before outputting it, resulting in a Reflected Cross-Site Scripting issue. This could potentially be used to target users with high privileges, such as administrators.

Recommendations Update to ShopBuilder WordPress plugin version 3.2.2 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2025-13456

Produtos afetados

Shopbuilder Wordpress Plugin

PT-2026-1052 · WordPress · Shopbuilder Wordpress Plugin

CVE-2025-13456

Identificadores relacionados

Produtos afetados

Referências · 6