PT-2025-36195 · Unknown +1 · Woocommerce +1

Nguyen Xuan Chien

·

Published

2025-09-05

·

Updated

2025-09-05

·

CVE-2025-58856

Report an issue
CVSS v3.1
6.5
VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

ablancodev Woocommerce Notify Updated Product versions through 1.6

Description:

A Cross-Site Request Forgery (CSRF) vulnerability exists in ablancodev Woocommerce Notify Updated Product, which also allows Stored Cross-Site Scripting (XSS).

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-58856

Affected Products

Woocommerce
Woocommerce Notify Updated Product