| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Missing Authorization vulnerability in fraudlabspro FraudLabs Pro for WooCommerce fraudlabs-pro-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FraudLabs Pro for WooCommerce: from n/a through <= 2.22.11. |
| Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPtouch WPtouch wptouch allows Stored XSS.This issue affects WPtouch: from n/a through <= 4.3.60. |
| Cross-Site Request Forgery (CSRF) vulnerability in NTC WP Page Loading wp-page-loading allows Cross Site Request Forgery.This issue affects WP Page Loading: from n/a through <= 1.0.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team: Tobias WP2LEADS wp2leads allows Reflected XSS.This issue affects WP2LEADS: from n/a through <= 3.5.0. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows SQL Injection.This issue affects Persian Woocommerce SMS: from n/a through <= 7.0.10. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ovatheme BRW ova-brw allows Stored XSS.This issue affects BRW: from n/a through <= 1.8.6. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme BRW ova-brw allows PHP Local File Inclusion.This issue affects BRW: from n/a through <= 1.8.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress rss-feed-post-generator-echo allows Reflected XSS.This issue affects Echo RSS Feed Post Generator Plugin for WordPress: from n/a through <= 5.4.8.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolHappy The Events Calendar Countdown Addon countdown-for-the-events-calendar allows Stored XSS.This issue affects The Events Calendar Countdown Addon: from n/a through <= 1.4.9. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Frontend Dashboard frontend-dashboard allows Stored XSS.This issue affects Frontend Dashboard: from n/a through <= 2.2.8. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HT Plugins HT Team Member ht-team-member allows Stored XSS.This issue affects HT Team Member: from n/a through <= 1.1.7. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclusion.This issue affects WP Travel Engine: from n/a through <= 6.5.1. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magazine3 WP Multilang wp-multilang allows PHP Local File Inclusion.This issue affects WP Multilang: from n/a through <= 2.4.19. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget wp-social-widget allows Stored XSS.This issue affects WP Social Widget: from n/a through <= 2.3. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode Product Catalog Simple post-type-x allows Stored XSS.This issue affects Product Catalog Simple: from n/a through <= 1.8.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeManas Search with Typesense search-with-typesense allows Stored XSS.This issue affects Search with Typesense: from n/a through <= 2.0.10. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Shabti Kaplan Frontend Admin by DynamiApps acf-frontend-form-element allows Path Traversal.This issue affects Frontend Admin by DynamiApps: from n/a through <= 3.28.7. |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Scott Paterson Easy Stripe easy-stripe allows Remote Code Inclusion.This issue affects Easy Stripe: from n/a through <= 1.1. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpsoul Greenshift greenshift-animation-and-page-builder-blocks allows DOM-Based XSS.This issue affects Greenshift: from n/a through <= 11.5.5. |
