CVE-2025-22337

Name of the Vulnerable Software and Affected Versions Infosoft Consultant Order Audit Log for WooCommerce versions n/a through 2.0

Description The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This can be exploited by sending a malicious link to a user, which, when clicked, can execute arbitrary code on the user's browser. There is no information provided about a public exploit or whether the vulnerability has been exploited by attackers. No information is available about the number of Internet users that can be affected by the exploitation of this vulnerability.

Recommendations For versions n/a through 2.0, update to a version later than 2.0 to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable pages or modules until a patch is available. Avoid using links from untrusted sources to minimize the risk of exploitation.