CVE-2025-8617
Stored XSS in YITH WooCommerce Quick View Plugin Allows Script Injection
Publication date: 2025-12-13
Last updated on: 2025-12-13
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yith | woocommerce_quick_view | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2025-8617 involves checking if the YITH WooCommerce Quick View plugin version is 2.7.0 or earlier, as these versions are vulnerable. You can detect the plugin version via the WordPress admin dashboard or by inspecting the plugin files. Additionally, scanning for the presence of the shortcode [yith_quick_view] with suspicious or malicious script content in its attributes may indicate exploitation attempts. Since the vulnerability is a stored XSS via shortcode attributes, monitoring HTTP requests or database entries for injected scripts in product pages or shortcode attributes can help. Specific commands depend on your environment, but for example, you can use WP-CLI to check plugin versions: `wp plugin list | grep yith-woocommerce-quick-view` to find the installed version. To search for suspicious shortcode usage in posts or pages, you might run a database query like: `SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[yith_quick_view%';` and then inspect for script tags or suspicious content. Network detection might include monitoring HTTP responses for injected scripts in product quick view modals. However, no explicit detection commands are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the YITH WooCommerce Quick View plugin to version 2.7.1 or later, as these versions include security fixes that sanitize and escape user inputs to prevent stored XSS attacks. The update addresses the vulnerability by properly escaping the quick view button label and sanitizing shortcode attributes. If updating immediately is not possible, restrict contributor-level access and above to trusted users only, as the vulnerability requires authenticated users with at least contributor privileges to exploit. Additionally, consider implementing Web Application Firewall (WAF) rules to block malicious script injections targeting the shortcode attributes. Regularly monitor plugin updates and apply security patches promptly. [1, 2]
Can you explain this vulnerability to me?
This vulnerability is a Stored Cross-Site Scripting (XSS) issue in the YITH WooCommerce Quick View plugin for WordPress, affecting all versions up to 2.7.0. It occurs because the plugin does not properly sanitize or escape user-supplied attributes in its yith_quick_view shortcode. As a result, authenticated users with contributor-level access or higher can inject malicious scripts that will execute whenever any user views the affected page.
How can this vulnerability impact me? :
The vulnerability allows attackers with contributor-level access or higher to inject arbitrary scripts into pages, which can lead to unauthorized actions such as stealing user credentials, hijacking user sessions, defacing websites, or spreading malware. This compromises the security and integrity of the affected website and its users.