CVE-2025-24755
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2025-24755 is a stored Cross-site Scripting (XSS) vulnerability affecting the PDF Invoices for WooCommerce + Drag and Drop Template Builder add-on. The flaw arises from improper neutralization of user input during web page generation. It can be exploited to inject malicious scripts that run in users' web browsers when they view a manipulated invoice. The vulnerability affects versions of the add-on through 4.6.0; no lower bound is specified. Users should update their installations to the latest patched version to mitigate this risk.