CVE-2025-64200

Q: What is CVE-2025-64200?

the product from the vendor is impacted (CWE: unspecified).

Q: How can I mitigate CVE-2025-64200?

Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.

CVSS 5.9 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Published: 1761729339
Last modified: 1761750945

CVE-2025-64200 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17. [Severity (CVSS) 5.9]

Related CVE by CWE

No related CWE found.

Top CVE for Vendor

No vendor taxonomy on this entry.

Recently Exploited Similar Vulnerabilities

No recent KEV-listed items for this vendor/product.

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.

🧠 Explainer: What this vulnerability means

Summary: the product from the vendor is impacted (CWE: unspecified).

Impact: Systems could be compromised, leading to confidentiality, integrity, or availability loss.

Mitigation: Until patched, restrict exposure, enforce least privilege, and monitor for suspicious activity.

No vendor/product data yet.

No explicit mitigation/advisory links found in references.

Related CVE by CWE

Risk snapshot

Related CVE by CWE

Top CVE for Vendor

Recently Exploited Similar Vulnerabilities

🧠 Explainer: What this vulnerability means