CVE-2025-23685 HIGH

CVE-2025-23685: WordPress RomanCart On WordPress plugin <= 0.0.2 - Reflected Cross Site Scripting (XSS) vulnerability

Vendor Webtechglobal
Product RomanCart
Weakness CWE-79 · XSS
Published February 3, 2025
Last update May 11, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebTechGlobal RomanCart romancart-on-wordpress allows Reflected XSS.This issue affects RomanCart: from n/a through <= 0.0.2.

Key dates

02Disclosure timeline

February 3, 2025 CVE published
May 11, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-26739 WordPress newseqo theme <= 2.1.1 - Stored Cross Site Scripting (XSS) vulnerability CVE-2023-22715 WordPress WP-CommentNavi Plugin <= 1.12.1 is vulnerable to Cross Site Scripting (XSS) CVE-2026-34564 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS CVE-2025-46518 WordPress IGIT Related Posts With Thumb Image After Posts plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability CVE-2023-46732 Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform