PT-2026-1052 · WordPress · Shopbuilder Wordpress Plugin
Gregory Allegoet
·
Published
2026-01-02
·
Updated
2026-01-02
·
CVE-2025-13456
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ShopBuilder WordPress plugin versions prior to 3.2.2
Description
The ShopBuilder WordPress plugin does not properly sanitize and escape a parameter before outputting it, resulting in a Reflected Cross-Site Scripting issue. This could potentially be used to target users with high privileges, such as administrators.
Recommendations
Update to ShopBuilder WordPress plugin version 3.2.2 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Shopbuilder Wordpress Plugin