CVE-2025-22803 – WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22803
07 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS. This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. The Advanced Product Information for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping via the plugin's 'wapinfo_badges'... • https://patchstack.com/database/wordpress/plugin/woo-advanced-product-information/vulnerability/wordpress-advanced-product-information-for-woocommerce-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22307 – WordPress Product Table for WooCommerce plugin <= 3.5.6 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-22307
06 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS. This issue affects Product Table for WooCommerce: from n/a through 3.5.6. The Product Table for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.5.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ... • https://patchstack.com/database/wordpress/plugin/woo-product-table/vulnerability/wordpress-product-table-for-woocommerce-plugin-3-5-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-52444 – WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-52444
18 Nov 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPOPAL Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.1.3. The Opal Woo Custom Prod... • https://patchstack.com/database/vulnerability/opal-woo-custom-product-variation/wordpress-opal-woo-custom-product-variation-plugin-1-1-3-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-862: Missing Authorization
CVE-2024-51626 – WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-51626
31 Oct 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1. The Woocommerce Quote Calculator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f... • https://patchstack.com/database/vulnerability/woo-quote-calculator-order/wordpress-woocommerce-quote-calculator-plugin-1-1-sql-injection-vulnerability-2?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50508 – WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2024-50508
29 Oct 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through 1.0.0. The Woocommerce Product Design plugi... • https://github.com/RandomRobbieBF/CVE-2024-50508 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-50509 – WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-50509
28 Oct 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through 1.0.0. The Woocommerce Product Design plugi... • https://github.com/RandomRobbieBF/CVE-2024-50509 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-50479 – WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-50479
25 Oct 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection. This issue affects Woocommerce Quote Calculator: from n/a through 1.1. The Woocommerce Quote Calculator plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f... • https://patchstack.com/database/vulnerability/woo-quote-calculator-order/wordpress-woocommerce-quote-calculator-plugin-1-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-50482 – WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-50482
25 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Chetan Khandla Woocommerce Product Design allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Product Design: from n/a through 1.0.0. The Woocommerce Product Design plugin for WordPres... • https://github.com/RandomRobbieBF/CVE-2024-50482 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-49691 – WordPress Product Filter by WBW plugin <= 2.7.0 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-49691
21 Oct 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Woobewoo Product Filter by WBW allows SQL Injection. This issue affects Product Filter by WBW: from n/a through 2.7.0. The Product Filter by WBW plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, ... • https://patchstack.com/database/vulnerability/woo-product-filter/wordpress-product-filter-by-wbw-plugin-2-7-0-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-49658 – WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-49658
21 Oct 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server. This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0. The Woocommerce Custom Profile Picture plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a... • https://patchstack.com/database/vulnerability/woo-custom-profile-picture/wordpress-woocommerce-custom-profile-picture-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type