CVE-2021-25001

CVE-2021-25001: Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module

Vendor Unknown
Product Booster for WooCommerce
Weakness CWE-79 · XSS
Published January 3, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Booster for WooCommerce WordPress plugin before 5.4.9 does not sanitise and escape the wcj_create_products_xml_result parameter before outputting back in the admin dashboard when the Product XML Feeds module is enabled, leading to a Reflected Cross-Site Scripting issue

Key dates

02Disclosure timeline

January 3, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-24563 WordPress Cleanup – Directory Listing & Classifieds plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-30907 WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability CVE-2026-31822 Sylius has a XSS vulnerability in checkout login form CVE-2026-24955 WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-57702 Reflected Cross-site Scripting in DIAEnergie