Vulnerability Details CVE-2025-59467
A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page.
This plugin is disabled by default.
Affected Products:
UCRM Argentina AFIP invoices Plugin (Version 1.2.0 and earlier)
Mitigation:
Update UCRM Argentina AFIP invoices Plugin to Version 1.3.0 or later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.6%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-59467
-
cpe:2.3:a:ui:argentina_afip_invoices:*