CVE-2025-23450
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in agenwebsite AW WooCommerce Kode Pembayaran aw-woocommerce-kode-pembayaran allows Reflected XSS. This issue affects AW WooCommerce Kode Pembayaran: from n/a through <= 1.1.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in AW WooCommerce Kode Pembayaran plugin (<=1.1.4) allows attackers to inject scripts via crafted links, requiring user interaction.
The AW WooCommerce Kode Pembayaran plugin for WordPress versions up to and including 1.1.4 contains a reflected cross-site scripting (XSS) vulnerability. This arises from improper neutralization of user input during web page generation, allowing an attacker to inject arbitrary HTML and JavaScript into a response.
Exploitation requires a privileged user to click a malicious link or visit a specially crafted page. The attacker does not need prior authentication but must trick a user with sufficient privileges, such as an administrator, into performing the action.
Successful exploitation enables the attacker to execute malicious scripts in the context of the victim's session. This can lead to redirects, injection of advertisements, or other HTML payloads, potentially compromising the website's integrity and affecting visitors.
As of the advisory, Patchstack has issued a mitigation rule to block attacks until an official patch is available. Users are advised to update the plugin once a security release is provided or apply the mitigation rule to protect their sites [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 1.1.4
Patches
No patches discovered yet.
References