CVE-2025-24755

Name of the Vulnerable Software and Affected Versions PDF Invoices for WooCommerce + Drag and Drop Template Builder versions through 4.6.0

Description The issue is related to improper neutralization of input during web page generation, which leads to a Stored Cross-site Scripting (XSS) vulnerability. This allows for the storage of malicious scripts in the application, which can be executed when a user accesses the affected page.

Recommendations For versions through 4.6.0, update to a version later than 4.6.0 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this vulnerability.