PT-2026-1307 · WordPress · Ucrm Argentina Afip Invoices Plugin
Published
2026-01-05
·
Updated
2026-02-05
·
CVE-2025-59467
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
UCRM Argentina AFIP invoices Plugin versions 1.2.0 and earlier
Description
A Cross-Site Scripting (XSS) issue exists in the UCRM Argentina AFIP invoices Plugin. Successful exploitation could lead to privilege escalation if an Administrator accesses a malicious page. The plugin is disabled by default.
Recommendations
Update UCRM Argentina AFIP invoices Plugin to version 1.3.0 or later.
Fix
LPE
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ucrm Argentina Afip Invoices Plugin