CVE Catalog

CVE-2026-57329

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile — higher than 11% of all known CVEs

Summary

The WooCommerce Designer Pro plugin version 1.9.34 and earlier contains a Cross Site Scripting (XSS) vulnerability exploitable by subscribers. It allows an attacker with subscriber role to inject malicious JavaScript code into the page.

Risk Assessment

The risk includes potential session hijacking, redirects to malicious sites, or modification of content visible to other WooCommerce store users.

Recommendation

It is recommended to immediately update the WooCommerce Designer Pro plugin to a version newer than 1.9.34, which fixes this vulnerability.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro <= 1.9.34 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS