PatchSiren cyber security CVE debrief
CVE-2026-57422 VillaTheme CVE debrief
A Reflected XSS vulnerability exists in the Bopo – WooCommerce Product Bundle Builder plugin due to improper neutralization of input during web page generation. This issue affects versions from n/a through <= 1.2.0. Users of affected versions should be aware of this vulnerability and take necessary precautions. The CVE record was published on 2026-07-13T10:16:36.200Z and has not been modified since then.
- Vendor
- VillaTheme
- Product
- Bopo – WooCommerce Product Bundle Builder
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of Bopo – WooCommerce Product Bundle Builder plugin versions up to 1.2.0, security teams, and operators of affected systems should be aware of this Reflected XSS vulnerability. They should review the official CVE record and NVD detail page, verify affected product deployments, and implement compensating controls.
Technical summary
A Reflected XSS vulnerability exists in the Bopo – WooCommerce Product Bundle Builder plugin due to improper neutralization of input during web page generation. This issue affects versions from n/a through <= 1.2.0. The vulnerability has a CVSS score of 7.1 and is considered High severity. Users of affected versions should apply vendor remediation or patches if available. To verify affected product deployments, security teams should review the official CVE record and NVD detail page. They should also implement compensating controls such as input validation and output encoding, monitor for suspicious activity and exception tracking, and track exceptions and retest remediated assets. Further verification is recommended by reviewing vendor guidance and affected product deployments exist in managed environments.
Defensive priority
High priority due to CVSS score of 7.1 and potential for user interaction.
Recommended defensive actions
- Inventory and verify affected versions of Bopo – WooCommerce Product Bundle Builder
- Apply vendor remediation or patches if available
- Implement compensating controls such as input validation and output encoding
- Monitor for suspicious activity and exception tracking
- Review the official CVE record and NVD detail page
- Verify affected product deployments exist in managed environments
- Track exceptions and retest remediated assets
Evidence notes
Evidence is limited; primary official records indicate a Reflected XSS vulnerability exists in Bopo – WooCommerce Product Bundle Builder plugin versions up to 1.2.0. Further verification is recommended by reviewing the official CVE record and NVD detail page. Defenders should verify affected product deployments, review vendor guidance, and implement compensating controls.
Official resources
-
CVE-2026-57422 CVE record
CVE.org
-
CVE-2026-57422 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:36.200Z and has not been modified since then.