CVE-2025-14436

HIGH EXPLOITED

Brevo for WooCommerce <4.0.49 - XSS

Title source: llm

Exploitation Summary

CVE-2025-14436 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including moritakaaz.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2025-14436, an unauthenticated stored XSS vulnerability in the Brevo for WooCommerce plugin. The exploit injects arbitrary JavaScript payloads via the `user_connection_id` parameter, which executes when an admin visits the plugin settings page.

Description

The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up to, and including, 4.0.49 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Exploits (1)

gitlab WORKING POC

by moritakaaz · poc

https://gitlab.com/moritakaaz/cve-2025-14436

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-14436, an unauthenticated stored XSS vulnerability in the Brevo for WooCommerce plugin. The exploit injects arbitrary JavaScript payloads via the `user_connection_id` parameter, which executes when an admin visits the plugin settings page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Brevo for WooCommerce plugin ≤ 4.0.49

No auth needed

Prerequisites: Target must have Brevo for WooCommerce plugin installed and activated (version ≤ 4.0.49)

MITRE ATT&CK