CVE Catalog
CVE-2026-57329
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.21%
11th percentile — higher than 11% of all known CVEs
Summary
The WooCommerce Designer Pro plugin version 1.9.34 and earlier contains a Cross Site Scripting (XSS) vulnerability exploitable by subscribers. It allows an attacker with subscriber role to inject malicious JavaScript code into the page.
Risk Assessment
The risk includes potential session hijacking, redirects to malicious sites, or modification of content visible to other WooCommerce store users.
Recommendation
It is recommended to immediately update the WooCommerce Designer Pro plugin to a version newer than 1.9.34, which fixes this vulnerability.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

