NotCVE - vendor:"Ni Woocommerce Cost Of Goods" product:"Ni Woocommerce Cost Of Goods"

3 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-32207 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-32207

04 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Stored XSS. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acce... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-31826 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability

https://notcve.org/view.php?id=CVE-2025-31826

01 Apr 2025 — Missing Authorization vulnerability in Anzar Ahmed Ni WooCommerce Cost Of Goods allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-53783 – WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-53783

28 Nov 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. The Ni WooCommerce Cost Of Goods plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authent... • https://patchstack.com/database/wordpress/plugin/ni-woocommerce-cost-of-goods/vulnerability/wordpress-ni-woocommerce-cost-of-goods-plugin-3-2-8-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •