CVE-2025-62750
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Filipe Seabra WooCommerce Parcelas woocommerce-parcelas allows DOM-Based XSS.This issue affects WooCommerce Parcelas: from n/a through <= 1.3.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
DOM-based XSS in WooCommerce Parcelas plugin (≤1.3.5) allows attackers can inject malicious scripts via unneutralized input.
The WooCommerce Parcelas plugin for WordPress versions up to and including 1.3.5 contains a DOM-based Cross-Site Scripting (XSS) vulnerability. The root cause is improper neutralization of user-supplied input during web page generation, allowing an attacker to inject arbitrary JavaScript into the DOM of a victim's browser [1].
Exploitation requires user interaction, such as clicking a crafted link or visiting a specially prepared page. The vulnerability can be triggered by any unauthenticated user, making it accessible to remote attackers without prior authentication [1].
Successful exploitation enables an attacker to execute malicious scripts in the context of the victim's session. This can lead to actions such as redirecting users to malicious sites, injecting advertisements, or stealing sensitive information like session cookies [1].
The vendor has not released a patched version; users are advised to update the plugin immediately if a fix becomes available. As a workaround, site administrators should consider disabling the plugin or implementing a web application firewall (WAF) rule to block XSS payloads [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.3.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.