PT-2025-51083 · Unknown+1 · Woocommerce+1
Djaidja Moundjid · Published 2025-12-13 · Updated 2025-12-13 · CVE-2025-8617
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
YITH WooCommerce Quick View plugin versions prior to 2.7.1
Description
The YITH WooCommerce Quick View plugin for WordPress has a flaw that allows an attacker to inject malicious code into web pages. This is due to inadequate handling of user-provided information and insufficient protection of output. An authenticated attacker with contributor-level access or higher can exploit this to insert arbitrary web scripts into pages. These scripts will then run when a user visits the compromised page. The vulnerability exists because of insufficient input sanitization and output escaping on user-supplied attributes within the plugin's yith_quick_view shortcode.
Recommendations
Update the YITH WooCommerce Quick View plugin to version 2.7.1 or later.
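To review content authored before the update, this added example (not code from the plugin or from this advisory) scans exported post content for uses of the yith_quick_view shortcode whose attribute values contain HTML-significant characters. The post records, the role field and the attribute names product_id and label are constructed for illustration.

```python
import re

SHORTCODE = "yith_quick_view"  # shortcode named in the advisory

# One shortcode tag: [yith_quick_view ...attributes...]
TAG_RE = re.compile(r"\[" + SHORTCODE + r"\b([^\]]*)\]")
# Attribute forms a shortcode accepts: name="v", name='v', name=v
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")
# Content that a plain attribute value should not need and that must be
# escaped on output: markup delimiters, quotes, event handlers, script URLs.
RISKY_RE = re.compile(r"""[<>"`]|\bon\w+\s*=|javascript:""", re.I)


def audit_posts(posts):
    """Return one finding per shortcode attribute whose value looks unsafe."""
    findings = []
    for post in posts:
        for tag in TAG_RE.finditer(post["content"]):
            for attr in ATTR_RE.finditer(tag.group(1)):
                name = attr.group(1)
                # Exactly one of the three value groups matched.
                value = next(g for g in attr.groups()[1:] if g is not None)
                if RISKY_RE.search(value):
                    findings.append({
                        "post_id": post["id"],
                        "role": post["role"],  # triage: contributor or higher
                        "attr": name,
                        "value": value,
                    })
    return findings


# Constructed sample records; in practice, export post IDs, author roles
# and post content from the site's database.
SAMPLE_POSTS = [
    {"id": 101, "role": "editor",
     "content": 'Intro [yith_quick_view product_id="42" label="Quick look"] outro'},
    {"id": 102, "role": "contributor",
     "content": "[yith_quick_view product_id=7 label='Deal\"><b>bold</b>']"},
    {"id": 103, "role": "contributor",
     "content": "No shortcode here, just <b>markup</b>."},
]

if __name__ == "__main__":
    for f in audit_posts(SAMPLE_POSTS):
        print(f"post {f['post_id']} ({f['role']}): {f['attr']}={f['value']!r}")
```

Flagged posts are candidates for manual review, not confirmed injections; a legitimate value containing a quote or angle bracket will also be listed.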
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce
Yith Woocommerce Quick View