6 matches found
CVE-2026-6447
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-6447 Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-6447
The CVE-2026-6447 entry describes a Stored Cross-Site Scripting vulnerability in the Call for Price for WooCommerce plugin for WordPress, affecting all versions up to and including 4.2.0. The root cause is insufficient input sanitization and output escaping in admin settings, allowing authenticat...
PT-2026-36578
The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Call for Price for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
WordPress Call for Price for WooCommerce plugin <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by AndyGuru - AndyGuru in WordPress Plugin Call for Price for WooCommerce versions = 4.2.0...