PT-2025-43219 · Robokassa · Robokassa Payment Gateway For Woocommerce

Published: 2025-10-22 · Updated: 2025-11-18 · CVE-2025-49958

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Robokassa payment gateway for Woocommerce versions through 1.8.1

Description: The Robokassa payment gateway for Woocommerce contains a flaw related to improper neutralization of input during web page generation, which allows for Reflected Cross-site Scripting (XSS). This issue could potentially allow an attacker to inject malicious scripts into web pages viewed by users. The vulnerability exists due to insufficient input validation when generating web pages.

Recommendations: Update Robokassa payment gateway for Woocommerce to a version later than 1.8.1.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-49958

Affected Products

Robokassa Payment Gateway For Woocommerce