CVE-2025-47610 describes a stored cross-site scripting vulnerability in the Wetail WooCommerce Fortnox Integration plugin for WooCommerce, affecting versions up to 4.5.6. The issue is caused by improper neutralization of input during web page generation, which allows attackers with limited privileges to inject malicious scripts that persist and execute when other users view the affected content. The CVSS 3.1 vector indicates the attack requires network access, low complexity, privileges, and user interaction, with impacts on confidentiality, integrity, and availability rated as low to low-medium. No vendor advisory or patch links are currently available, and no known exploitation in the wild has been reported.

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting confidentiality, integrity, and availability to a limited extent. The CVSS score of 6.5 reflects a medium severity with partial impact on system security properties. There is no evidence of active exploitation in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider restricting access to affected plugin features to trusted users and applying web application firewall rules to detect and block potential XSS payloads related to this vulnerability.