CVE-2025-5285
Published
CVSS v3
6.4
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βhtmlTagβ parameter in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
<p>The <strong>Product Subtitle for WooCommerce</strong> plugin allows you to add customizable subtitles to your WooCommerce products. You can display these subtitles in various positions on different pages, improving the look of your product listings and enhancing your SEO.</p>
<h3>π₯ Watch a Quick Tutorial</h3>
<span class="embed-youtube" style="text-align:center; display: block;"><iframe loading="lazy" class="youtube-player" width="800" height="375" src="https://www.youtube.com/embed/SJ9HmXtRNJQ?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent" allowfullscreen="true" style="border:0;" sandbox="allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox"></iframe></span>
<p>Click the image above to watch a quick tutorial on how to use the <strong>Product Subtitle for WooCommerce</strong> plugin.</p>
<h3>π Features</h3>
<h3>β
<strong>Customizable Subtitles</strong></h3>
<p>β Easily add and customize subtitles using the WordPress editor.</p>
<h3>β
<strong>Flexible Display Options</strong></h3>
<p>β Display subtitles in multiple positions on different WooCommerce pages:<br />
β <strong>Shop Page</strong>: Before/After Product Title, Before/After Product Rating, Before/After Product Price.<br />
β <strong>Single Product Page</strong>: Before/After Product Title, Before/After Product Price, Before Add to Cart Button.<br />
β <strong>Mini-Cart, Cart, Checkout, Thank You, My Account & Order Emails</strong>: Before/After Product Title.</p>
<h3>β
<strong>Visibility Controls</strong></h3>
<p>β Show/hide subtitles on shop, single product, cart, checkout, view order, mini cart, and order emails.</p>
<h3>β
<strong>Shortcode Support</strong></h3>
<p>β Use <code>[PSWC_Subtitle]</code> to display subtitles anywhere on your site.<br />
β Use <code>[PSWC_Subtitle product_id="86"]</code> to display a subtitle for a specific product.<br />
β You can specify the HTML tag for the subtitle using the <code>tag</code> attribute: <code>[PSWC_Subtitle tag="p"]</code> <code>[PSWC_Subtitle tag="h1"]</code> <code>[PSWC_Subtitle tag="span"]</code><br />
β <strong>Supported HTML Tags</strong>: <code>p</code>, <code>small</code>, <code>span</code>, <code>h1</code>, <code>h2</code>, etc.</p>
<h3>β
<strong>SEO Plugin Integration</strong></h3>
<p>β Fully compatible with <strong>Yoast SEO, Rank Math SEO, SEOPress</strong>, and more.<br />
β Use <strong><code>%%pswc_subtitle%%</code></strong> in meta titles and descriptions to boost SEO visibility.<br />
β For <strong>Rank Math SEO</strong>, use <strong><code>%customfield(pswc_subtitle)%</code></strong> to include the subtitle in meta tags.</p>
<h3>β
<strong>Style Customization</strong></h3>
<p>β Global CSS Class: <code>product-subtitle</code><br />
β Product-Specific CSS Class: <code>product-subtitle-86</code></p>
<h3>π Support</h3>
<p>For any issues or questions, please visit our <a href="https://wordpress.org/support/plugin/product-subtitle-for-woocommerce/" rel="ugc">Support Page</a>.</p>
<p>Thank you for using <strong>Product Subtitle for WooCommerce</strong>! π Enhance your product pages today!</p>
WordPress Plugin Directory