MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2024-49288

CVSS 5.9v3.1pub. 2024-10-17upd. 2026-04-23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.9.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
  • Villatheme Woocommerce Email Template Customizer

    APP
    Villatheme
    ≤ 1.2.5
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2024-8277CRITICAL9.8PL ✓ten sam vendor

Authentication bypass w WooCommerce Photo Reviews Premium dla WordPress

CVE-2022-41623HIGH7.5ten sam vendor

Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium pl...

CVE-2022-1037HIGH7.2ten sam vendor

The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which ...

CVE-2024-12861MEDIUM6.5ten sam vendor

The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all vers...

CVE-2024-1686MEDIUM4.3ten sam vendor

The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to miss...