CVE-2025-9427

Admin reflected XSS

CVSS 8.4 HIGHEPSS 0.3%CWE-79

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress add on: 2025.7.1.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

Lemonsoft · WordPress add-on

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lemondoc.atlassian.net/wiki/spaces/LEMONSHOP/pages/754909038/Versiohistoria+-+Lemonsoft+integration+lis+osa