CVE-2025-66572

UNKNOWN 0.0

Loaded Commerce 6.6 Client-Side Template Injection(CSTI)

CVSS Score

0.0

EPSS Score

0.3%

EPSS Percentile

53th

Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.

CWE	CWE-78
Vendor	loadedcommerce
Product	loaded commerce
Published	Dec 4, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for loadedcommerce loaded commerce

Be the first to know when new unknown vulnerabilities affecting loadedcommerce loaded commerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

loadedcommerce / Loaded Commerce

6.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52084 loadedcommerce.com: https://loadedcommerce.com/ vulncheck.com: https://www.vulncheck.com/advisories/loaded-commerce-66-client-side-template-injectioncsti

Credits

tmrswrr