CVE-2025-69088
WordPress Combo Offers WooCommerce plugin <= 4.2 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.
We have discovered 319 live websites that are affected by CVE-2025-69088.
Affected Software
| Product |  Woo Combo Offers |
| Category | Wordpress Plugins |
| Vulnerable Domains | 319 live websites (75% of Woo Combo Offers install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 12 versions ( 86% of all versions) |
Details
- Published - Dec 30, 2025
- Updated - Jan 20, 2026
Credits
- Muhammad Yudha - DJ | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-69088 United States | 59 websites |
 Brazil | 51 websites |
 India | 26 websites |
 Netherlands | 23 websites |
 South Africa | 22 websites |
 GB | 14 websites |
 Vietnam | 12 websites |
 Germany | 12 websites |
 France | 8 websites |
 Cyprus | 7 websites |
Website Distribution by TLD
Number of websites using CVE-2025-69088| .com | 114 websites |
| .com.br | 47 websites |
| .nl | 23 websites |
| .co.uk | 8 websites |
| .ca | 4 websites |
| .ch | 4 websites |
| .org | 4 websites |
| .it | 4 websites |
| .ru | 3 websites |
| .fr | 3 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-69088
Top websites that are affected by CVE-2025-69088. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****************.com | India | *,***,*** | |
| *********.com |  Portugal | *,***,*** | |
| ***************.vn | Vietnam | *,***,*** | |
| **************.***.br | Brazil | *,***,*** | |
| ********.**.uk | GB | *,***,*** | |
| ********.***.br | Brazil | *,***,*** | |
| *****************.nl | Netherlands | *,***,*** | |
| ******.***.ar |  Argentina | *,***,*** | |
| ***********.com | United States | *,***,*** | |
| ***********.com | United States | *,***,*** |
FAQ
A total of 319 websites have been identified as vulnerable to CVE-2025-69088, based on global website indexing conducted by WebTechSurvey.
The Woo Combo Offers is affected by the CVE-2025-69088 vulnerability.
Woo Combo Offers versions up to and including 4.2 are vulnerable to CVE-2025-69088.