CVE-2025-64200 identifies a stored Cross-site Scripting (XSS) vulnerability in the VillaTheme Email Template Customizer plugin for WooCommerce, specifically affecting versions up to and including 1.2.17. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious scripts to be stored and later executed in the context of users viewing the affected email templates. Exploitation requires an attacker to have high privileges (such as admin or editor roles) within the WooCommerce environment and involves user interaction to trigger the malicious script execution. The vulnerability impacts confidentiality, integrity, and availability to a limited extent, as indicated by the CVSS vector (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). This means the attack can be performed remotely over the network with low attack complexity but requires authenticated access and user interaction, and it affects multiple components or users (scope changed). While no known exploits are currently reported in the wild, the stored XSS can be leveraged for session hijacking, privilege escalation, or delivering further payloads within the WooCommerce administrative interface or customer-facing emails. The plugin is widely used in WooCommerce-based e-commerce sites to customize email templates, making this vulnerability relevant to many online retailers. The lack of available patches at the time of publication necessitates immediate attention to mitigate risks.

For European organizations, this vulnerability can lead to unauthorized script execution within the WooCommerce environment, potentially compromising customer data, administrative accounts, and the integrity of transactional emails. Attackers exploiting this flaw could hijack sessions, manipulate email content, or inject malicious payloads that affect both backend administrators and end-users receiving emails. This can result in reputational damage, loss of customer trust, and regulatory non-compliance under GDPR if personal data is exposed or manipulated. Given the widespread use of WooCommerce in European e-commerce, especially in countries with large online retail sectors like Germany, the UK, France, and the Netherlands, the impact could be significant. Additionally, the vulnerability's ability to affect multiple users (scope changed) increases the risk of broader compromise within affected organizations. The medium severity rating reflects the need for prompt but measured response, balancing the requirement for privileged access and user interaction against the potential damage from exploitation.

European organizations should immediately verify if they use the VillaTheme Email Template Customizer plugin for WooCommerce and identify affected versions (up to 1.2.17). Until a patch is available, restrict plugin access to only the most trusted and necessary users with high privileges to reduce the attack surface. Implement strict input validation and sanitization on all user inputs related to email template customization to prevent malicious script injection. Monitor logs and user activities for unusual behavior indicative of attempted exploitation, such as unexpected changes to email templates or unauthorized access attempts. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the administrative interface and customer email clients. Educate administrators and users about the risks of clicking on suspicious links or interacting with unexpected email content. Once a vendor patch or update is released, prioritize timely deployment. Additionally, consider isolating the WooCommerce environment or using web application firewalls (WAFs) with rules targeting XSS patterns to provide an additional layer of defense.