CVE-2025-32180

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through <= 1.1.0.

CVSS

No CVSS.

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/woorousell/vulnerability/wordpress-product-carousel-for-woocommerce-woorousell-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

Configurations

No configuration.

History

01 Apr 2026, 17:22

Type	Values Removed	Values Added
References	{'url': 'https://patchstack.com/database/wordpress/plugin/css3_tooltips/vulnerability/wordpress-css3-tooltips-for-wordpress-1-8-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/woorousell/vulnerability/wordpress-product-carousel-for-woocommerce-woorousell-plugin-1-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve -
CWE	~~CWE-862~~	CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : unknown
Summary	(en) Missing Authorization vulnerability in QuanticaLabs CSS3 Tooltips for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CSS3 Tooltips for WordPress: from n/a through 1.8.	(en) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojofywp Product Carousel For WooCommerce – WoorouSell woorousell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through <= 1.1.0.

19 May 2025, 13:35

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de falta de autorización en QuanticaLabs CSS3 Tooltips for WordPress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las descripciones emergentes CSS3 para WordPress desde la versión n/d hasta la 1.8.

16 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-16 16:15

Updated : 2026-04-01 17:22

NVD link : CVE-2025-32180

Mitre link : CVE-2025-32180

CVE.ORG link : CVE-2025-32180

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON object

Attach tags to CVE-2025-32180

Attach tags to `CVE-2025-32180`