CVE-2026-57329
Received Received - Intake

Subscriber XSS in WooCommerce Designer Pro

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Patchstack

Description
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-29
Last Modified
2026-06-29
Generated
2026-06-29
AI Q&A
2026-06-29
EPSS Evaluated
N/A
NVD
CVE-2026-57329
EUVD
EUVD-2026-40100

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
patchstack woocommerce_designer_pro to 1.9.34 (inc)
patchstack woocommerce_designer_pro 1.9.35

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify how the Cross Site Scripting (XSS) vulnerability in WooCommerce Designer Pro affects compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

The WordPress WooCommerce Designer Pro Plugin, versions 1.9.34 and below, contains a Cross Site Scripting (XSS) vulnerability identified as CVE-2026-57329.

This vulnerability allows attackers to inject malicious scripts into websites using the plugin. These scripts execute when visitors access the affected site.

Exploiting this flaw requires a privileged user to perform an action, such as clicking a malicious link.

Impact Analysis

The vulnerability can lead to attackers executing malicious scripts on your website, which may cause harmful actions such as redirects to malicious sites or displaying unwanted advertisements.

Because the vulnerability requires a privileged user action, it poses a moderate risk but could be exploited in large-scale attacks targeting many websites.

This can compromise the integrity and user experience of your website, potentially damaging your reputation and user trust.

Mitigation Strategies

To mitigate the WooCommerce Designer Pro Plugin Cross Site Scripting (XSS) vulnerability (CVE-2026-57329), users should immediately update the plugin to version 1.9.35 or later.

Until the update is applied, it is recommended to use the mitigation rule provided by Patchstack to block attacks exploiting this vulnerability.

Detection Guidance

This vulnerability is a Cross Site Scripting (XSS) flaw in WooCommerce Designer Pro plugin versions 1.9.34 and below. Detection typically involves identifying if the vulnerable plugin version is installed and if malicious scripts are being injected or executed.

To detect the vulnerability on your system, first verify the plugin version installed on your WordPress site. You can do this by checking the plugin details in the WordPress admin dashboard or by running commands on the server hosting the site.

  • Check the plugin version via WP-CLI: `wp plugin get wc-designer-pro --field=version`
  • Search for suspicious script injections in the website files or database, for example, by scanning for common XSS payload patterns in posts or plugin files.
  • Monitor web traffic for unusual redirects or script executions that could indicate exploitation attempts.

Until the plugin is updated to version 1.9.35 or later, applying mitigation rules such as those provided by Patchstack can help block attack attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57329. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart