CVE-2025-49042

Name of the Vulnerable Software and Affected Versions Automattic WooCommerce versions through 10.0.2

Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Cross-site Scripting (XSS) issue. This allows for Stored XSS attacks. The issue affects the web application's handling of user-supplied data when generating web pages, potentially enabling malicious scripts to be injected and executed in the context of other users' browsers.

Recommendations Update to a version newer than 10.0.2.