CVE-2021-25077

CVE-2021-25077: Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting

Vendor Unknown

Product Store Toolkit for WooCommerce

Weakness CWE-79 · XSS

Published February 7, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

February 7, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-25077 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-32456 WordPress Envo Extra plugin <= 1.8.11 - Cross Site Scripting (XSS) vulnerability CVE-2023-48568 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2020-7301 DLP ePO extension - Cross site scripting CVE-2025-7959 Station Pro <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via width and height Parameters CVE-2025-67620 WordPress Anon theme <= 2.2.10 - Reflected Cross Site Scripting (XSS) vulnerability