CVE-2025-47592

{"id": "CVE-2025-47592", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 1.7}]}, "published": "2025-05-07T15:16:12.787", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/terms-popup-on-user-login/vulnerability/wordpress-legal-terms-and-conditions-popup-for-user-login-and-woocommerce-checkout-tpul-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lehel M\u00e1tyus Legal Terms and Conditions Popup for User Login and WooCommerce Checkout \u2013 TPUL allows Stored XSS. This issue affects Legal Terms and Conditions Popup for User Login and WooCommerce Checkout \u2013 TPUL: from n/a through 2.0.3."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Lehel M\u00e1tyus Legal Terms and Conditions Popup for User Login and WooCommerce Checkout \u2013 TPUL permite XSS almacenado. Este problema afecta a la ventana emergente de T\u00e9rminos y Condiciones Legales para el inicio de sesi\u00f3n de usuario y el pago de WooCommerce (TPUL): desde n/d hasta la versi\u00f3n 2.0.3."}], "lastModified": "2025-05-08T14:39:09.683", "sourceIdentifier": "audit@patchstack.com"}