CVE-2025-50045
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Scripting (XSS) issue in the Related Products Manager for WooCommerce plugin (versions up to 1.6.2). It allows a malicious actor to inject and execute malicious scripts, such as redirects or advertisements, on affected websites when visited by users. The vulnerability is DOM-Based XSS and falls under the OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized script execution on your website, potentially compromising website integrity or user experience. Malicious scripts could redirect users, display unwanted advertisements, or execute other harmful HTML payloads. Although the risk is considered low and exploitation requires contributor-level privileges, it can still negatively affect your site and its visitors. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized script injections or unusual script execution on affected websites using the Related Products Manager for WooCommerce plugin up to version 1.6.2. Since the vulnerability is DOM-based XSS triggered by contributor-level privileges, inspecting web traffic and page source for injected scripts can help. Professional incident response and server-side malware scanning are recommended for compromise detection. No specific commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) solutions offered by Patchstack to auto-mitigate the vulnerability in the absence of an official fix. Users should monitor for plugin updates and avoid granting unnecessary contributor-level privileges that could trigger the exploit. In case of suspected compromise, professional incident response and server-side malware scanning are advised. [1]