PT-2025-39612 · WordPress · Conditional Cart Messages For Woocommerce

Published

2025-09-26

·

Updated

2025-09-26

·

CVE-2025-60171

CVSS v3.1

7.1

High

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions Conditional Cart Messages for WooCommerce versions through 1.2.10
Description A Cross-Site Request Forgery (CSRF) issue exists that also allows Stored Cross-Site Scripting (XSS). The issue is present in yourplugins Conditional Cart Messages for WooCommerce. The vulnerability allows for the execution of malicious scripts.
Recommendations Update Conditional Cart Messages for WooCommerce to a version later than 1.2.10.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-60171

Affected Products

Conditional Cart Messages For Woocommerce