Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0.
References
Configurations
History
29 Jan 2026, 16:17
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://patchstack.com/database/Wordpress/Plugin/wc-builder/vulnerability/wordpress-wc-builder-plugin-1-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve - Third Party Advisory | |
| CPE | cpe:2.3:a:hasthemes:wc_builder:*:*:*:*:*:wordpress:*:* | |
| First Time |
Hasthemes wc Builder
Hasthemes |
20 Jan 2026, 15:19
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
|
24 Dec 2025, 20:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
24 Dec 2025, 13:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-24 13:16
Updated : 2026-01-29 16:17
NVD link : CVE-2025-68533
Mitre link : CVE-2025-68533
CVE.ORG link : CVE-2025-68533
JSON object : View
Products Affected
hasthemes
- wc_builder
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')