PT-2025-48640 · WordPress · Kadence WooCommerce Email Designer
Angus Girvan · Published 2025-12-02 · Updated 2025-12-02 · CVE-2025-13387
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Kadence WooCommerce Email Designer versions prior to 1.5.18
Description
The Kadence WooCommerce Email Designer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs because of inadequate input sanitization and output escaping related to the customer name. An unauthenticated attacker can inject malicious web scripts that will execute when a user accesses the affected page.
Recommendations
Update Kadence WooCommerce Email Designer to version 1.5.18 or later.
Fix
XSS
Affected Products
Kadence WooCommerce Email Designer