The vulnerability CVE-2025-26541 affects the CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce plugin (versions up to 1.7.6). It is a reflected Cross-site Scripting (XSS) flaw caused by improper neutralization of input during web page generation. This allows an attacker to inject malicious scripts that execute in the victim's browser when the crafted input is reflected in the web page output. The CVSS score is 7.1, indicating a high severity with network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser session. This may lead to the disclosure of sensitive information, modification of web content, or disruption of service. The CVSS vector indicates limited but notable impacts on confidentiality, integrity, and availability.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider disabling or restricting use of the affected plugin version. Implementing web application firewalls (WAF) with XSS filtering may provide temporary mitigation. Monitor vendor channels for updates and apply patches promptly once released.