PT-2025-38689 · WordPress · Etsy Shop
Bob Matyas
·
Published
2025-09-22
·
Updated
2025-09-22
·
CVE-2025-9115
CVSS v3.1
5.6
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Etsy Shop WordPress plugin versions prior to 3.0.7
Description
The plugin does not properly sanitize the
$ SERVER['REQUEST URI'] parameter before using it in an attribute, potentially allowing for Reflected Cross-Site Scripting in older web browsers. The $ SERVER['REQUEST URI'] parameter is used without escaping, which could allow an attacker to inject malicious scripts.Recommendations
Update to Etsy Shop WordPress plugin version 3.0.7 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Etsy Shop