CVE-2025-64289 identifies a stored cross-site scripting (XSS) vulnerability in the Premmerce Product Search plugin for WooCommerce, specifically versions up to and including 2.2.4. This vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious scripts to be stored and later executed in the context of users viewing affected pages. The attack vector is remote network access (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. The impact affects confidentiality, integrity, and availability to a limited extent (C:L/I:L/A:L). Stored XSS can be exploited by attackers to execute arbitrary JavaScript in the browsers of users who visit the compromised pages, potentially leading to session hijacking, defacement, or redirection to malicious sites. Although no known exploits are reported in the wild, the presence of this vulnerability in a widely used e-commerce plugin poses a tangible risk. The plugin is used to enhance product search functionality in WooCommerce, a popular WordPress e-commerce platform, making it a valuable target for attackers aiming to compromise online stores or their customers. The vulnerability was published on October 29, 2025, by Patchstack, but no patch links are currently provided, indicating that remediation may still be pending or in progress.

For European organizations operating e-commerce websites using WooCommerce with the Premmerce Product Search plugin, this vulnerability can lead to unauthorized script execution within the context of their web applications. This can result in theft of user credentials, session tokens, or other sensitive information, potentially enabling further compromise of user accounts or administrative functions. Additionally, attackers could manipulate website content, degrade user trust, or redirect customers to phishing or malware sites, impacting brand reputation and customer confidence. The requirement for high privileges to exploit the vulnerability somewhat limits the attack surface to users with administrative or editor roles, but social engineering or privilege escalation could increase risk. The medium CVSS score reflects moderate risk, but the potential for chained attacks and data leakage is significant in the e-commerce context. Disruptions could affect business continuity and compliance with data protection regulations such as GDPR, especially if customer data is compromised. The lack of known exploits in the wild provides a window for proactive mitigation but should not lead to complacency.

1. Monitor official Premmerce and WooCommerce channels for security updates and apply patches immediately once available to remediate the vulnerability. 2. Until patches are released, restrict plugin access to only trusted administrators and limit the number of users with high privileges to reduce exploitation risk. 3. Implement strict input validation and sanitization on all user inputs related to product search and other plugin functionalities to prevent malicious script injection. 4. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers, mitigating the impact of potential XSS payloads. 5. Conduct regular security audits and penetration testing focused on web application vulnerabilities, including XSS, to identify and remediate weaknesses proactively. 6. Educate administrative users about phishing and social engineering risks to prevent privilege escalation that could facilitate exploitation. 7. Employ web application firewalls (WAF) with rules designed to detect and block XSS attack patterns targeting the WooCommerce environment. 8. Maintain comprehensive logging and monitoring to detect suspicious activities that may indicate exploitation attempts.