29 matches found
CVE-2026-11568
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...
CVE-2026-11568 Product Configurator for WooCommerce < 1.7.3 - Unauthenticated Private/Draft Product Data Disclosure via pc_get_data
The Product Configurator for WooCommerce WordPress plugin before 1.7.3 does not perform any authorisation or post-status check before returning WooCommerce product data through a public AJAX action, allowing unauthenticated users to retrieve the data title, price, weight, stock status, and...
EUVD-2020-19469
Malware in sbrugna...
EUVD-2024-52465
Malicious code in bioql PyPI...
EUVD-2025-24719
Malicious code in bioql PyPI...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674
CVE-2025-54674 concerns the WordPress plugin Product Configurator for WooCommerce (mklacroix) and is a CSRF vulnerability affecting versions up to and including 1.4.4. The CVE entry is supported by multiple sources noting a CSRF flaw that can be triggered in authenticated user sessions, with CVSS...
PT-2025-33227 · WordPress · Staggs Product Configurator For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Configurator for WooCommerce versions n/a through 1.4.4 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge...
WordPress plugin Product Configurator for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2020-26944
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page aka cse?cmd=LOGIN. This can be exploited directly, and remotely...
CVE-2024-54342
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through = 2.0.0...
CVE-2024-54342
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through = 2.0.0...
CVE-2024-54342
CVE-2024-54342 describes a reflected XSS in STAGGS Product Configurator Toolkit for WooCommerce (STAGGS – Product Configurator Toolkit). Affected range is listed as from n/a through 2.0.0. The issue stems from improper input neutralization during web page generation, enabling a reflected cross-si...
WordPress plugin Staggs Product Configurator for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-36227 · Woocommerce · Staggs Product Configurator For Woocommerce
Name of the Vulnerable Software and Affected Versions: Staggs Product Configurator for WooCommerce versions through 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...
WordPress Staggs Product Configurator for WooCommerce Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Staggs Product Configurator for WooCommerce Type Plugin Vulnerable versions 1.4.2 Fixed in 1.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 63876648fcb8 Credits Rafie...
WordPress WooCommerce plugin arbitrary file deletion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WooCommerce plugin versions prior to 1.2.32 are vulnerable to arbitrary file deletion, which stems...