CVE-2025-24592

High

Published: 14 February 2025

Published

14 February 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0013 32.1th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24592 is a high-severity Cross-site Scripting (CWE-79) vulnerability. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 32.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the improper neutralization of input by enforcing validation of user inputs to prevent injection of malicious scripts in the WooCommerce plugin.

SI-15 Information Output Filtering good match

prevent

Enforces output filtering during web page generation to neutralize reflected XSS payloads before they execute in the victim's browser.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the known flaw in the Customize My Account for WooCommerce plugin by applying patches beyond version 2.8.22.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1566.002 Spearphishing Link Initial Access

Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.

attack.mitre.org →

T1539 Steal Web Session Cookie Credential Access

An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

attack.mitre.org →

Why these techniques?

Reflected XSS in public-facing WordPress plugin directly enables T1190 (exploit public-facing app); attack requires malicious link delivery (T1566.002); script execution facilitates stealing web session cookies (T1539).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a through <= 2.8.22.

Deeper analysisAI

CVE-2025-24592 is a reflected cross-site scripting (XSS) vulnerability, classified under CWE-79 for improper neutralization of input during web page generation, affecting the SysBasics Customize My Account for WooCommerce WordPress plugin. The issue impacts all versions of the plugin up to and including 2.8.22. It carries a CVSS v3.1 base score of 7.1, rated High, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network accessibility, low complexity, no privileges required, user interaction needed, changed scope, and low impacts to confidentiality, integrity, and availability.

An attacker can exploit this vulnerability by crafting malicious input that is reflected unsanitized in the web page generated by the plugin, tricking a user into accessing a malicious link or submitting tainted input on a vulnerable WordPress site. No authentication is required, but user interaction is necessary, such as clicking a link in a phishing email or visiting a malicious site. Successful exploitation allows the attacker to execute arbitrary scripts in the victim's browser context, potentially stealing session cookies, defacing pages, or performing actions on behalf of the user within the site's scope.

Patchstack's advisory, referenced in the CVE details, documents the vulnerability in version 2.8.22 and recommends updating the Customize My Account for WooCommerce plugin to a patched version beyond 2.8.22 to mitigate the issue. Security practitioners should verify plugin updates via the official WordPress repository and apply them promptly on affected sites.

Details

CWE(s): CWE-79

CVEs Like This One

CVE-2024-56029Shared CWE-79

CVE-2025-24557Shared CWE-79

CVE-2025-67952Shared CWE-79

CVE-2026-7371Shared CWE-79

CVE-2026-32529Shared CWE-79

CVE-2025-23646Shared CWE-79

CVE-2025-24710Shared CWE-79

CVE-2025-24700Shared CWE-79

CVE-2025-23681Shared CWE-79

CVE-2025-68845Shared CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/customize-my-account-for-woocommerce/vulnerability/wordpress-sysbasics-customize-my-account-for-woocommerce-plugin-2-8-22-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com