CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32565 – WordPress Neon Product Designer Plugin <= 2.1.1 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32565
09 Apr 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in vertim Neon Product Designer allows SQL Injection. This issue affects Neon Product Designer: from n/a through 2.1.1. The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers ... • https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22799 – WordPress Neon Product Designer Plugin <= 2.1.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-22799
13 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. The Neon Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attack... • https://patchstack.com/database/wordpress/plugin/neon-product-designer-for-woocommerce/vulnerability/wordpress-neon-product-designer-plugin-2-1-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51919 – WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-51919
03 Jan 2025 — Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3. The Fancy Product Designer plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 6.4.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 2CVE-2024-51818 – WordPress Fancy Product Designer plugin <= 6.4.3 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-51818
03 Jan 2025 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3. The Fancy Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 6.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additi... • https://packetstorm.news/files/id/188675 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31277 – WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31277
05 Apr 2024 — Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32. Vulnerabilidad de deserialización de datos no confiables en PickPlugins Product Designer. Este problema afecta a Product Designer: desde n/a hasta 1.0.32. The Product Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.32 via deserialization of untrusted input. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-32-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •