20 matches found
CVE-2025-13387
CVE-2025-13387 affects Kadence WooCommerce Email Designer for WordPress. The WordPress plugin is vulnerable to unauthenticated stored cross-site scripting via the customer name in all versions up to 1.5.17 due to insufficient input sanitization and output escaping. Several connected sources confi...
EUVD-2022-42722
Malicious code in bioql PyPI...
EUVD-2025-11308
Malicious code in bioql PyPI...
CVE-2023-47186
Cross-Site Request Forgery CSRF vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin = 1.5.11 versions...
CVE-2025-39557
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...
CVE-2025-39557
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...
CVE-2025-39557
CVE-2025-39557 — Kadence WooCommerce Email Designer (WordPress plugin) exposes an Unrestricted Upload of File with Dangerous Type, allowing an attacker to upload a web shell. Affected: Kadence WooCommerce Email Designer versions up to and including 1.5.14. Impact is consistent with file-upload vu...
CVE-2025-39557 WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...
CVE-2025-39557 WordPress Kadence WooCommerce Email Designer plugin <= 1.5.14 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in StellarWP Kadence WooCommerce Email Designer kadence-woocommerce-email-designer allows Upload a Web Shell to a Web Server.This issue affects Kadence WooCommerce Email Designer: from n/a through = 1.5.14...
PT-2025-16653 · Kadence · Kadence Woocommerce Email Designer
Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer versions 1.5.14 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server. Recommendations: For...
WordPress Kadence WooCommerce Email Designer Plugin < 1.5.12 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kadencewp:kadencewoocommerceemaildesigner"; ifdescription...
WordPress Kadence WooCommerce Email Designer Plugin < 1.5.7 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kadencewp:kadencewoocommerceemaildesigner"; ifdescription...
CVE-2023-47186
Cross-Site Request Forgery CSRF vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin = 1.5.11 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin = 1.5.11 versions...
CVE-2023-47186
CVE-2023-47186 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Kadence WP Kadence WooCommerce Email Designer plugin, affecting versions ≤ 1.5.11. The NVD/NVD-derived metrics indicate a high impact (C, I, A = High) with CVSSv3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. PatchStac...
WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF)
Software Kadence WooCommerce Email Designer Type Plugin Vulnerable versions = 1.5.11 Fixed in 1.5.12 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47186 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d7f0bae8b697 Credit...
CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
PT-2022-21774 · WordPress · Kadence Woocommerce Email Designer
Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer WordPress plugin versions prior to 1.5.7 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when an admin imports a...
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...