27 matches found
EUVD-2020-19469
Malware in sbrugna...
EUVD-2024-52465
Malicious code in bioql PyPI...
EUVD-2025-24719
Malicious code in bioql PyPI...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce allows Cross Site Request Forgery. This issue affects Product Configurator for WooCommerce: from n/a through 1.4.4...
CVE-2025-54674 WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through = 1.4.4...
CVE-2025-54674
CVE-2025-54674 concerns the WordPress plugin Product Configurator for WooCommerce (mklacroix) and is a CSRF vulnerability affecting versions up to and including 1.4.4. The CVE entry is supported by multiple sources noting a CSRF flaw that can be triggered in authenticated user sessions, with CVSS...
WordPress plugin Product Configurator for WooCommerce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2025-33227 · WordPress · Staggs Product Configurator For Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Configurator for WooCommerce versions n/a through 1.4.4 Description: The software contains a Cross-Site Request Forgery CSRF flaw. This issue allows attackers to perform actions on behalf of authenticated users without their knowledge...
CVE-2020-26944
An issue was discovered in Aptean Product Configurator 4.61.0000 on Windows. A Time based SQL injection affects the nameTxt parameter on the main login page aka cse?cmd=LOGIN. This can be exploited directly, and remotely...
CVE-2024-54342
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through = 2.0.0...
CVE-2024-54342
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in STAGGS STAGGS staggs allows Reflected XSS.This issue affects STAGGS: from n/a through = 2.0.0...
CVE-2024-54342
CVE-2024-54342 describes a reflected XSS in STAGGS Product Configurator Toolkit for WooCommerce (STAGGS – Product Configurator Toolkit). Affected range is listed as from n/a through 2.0.0. The issue stems from improper input neutralization during web page generation, enabling a reflected cross-si...
PT-2024-36227 · Woocommerce · Staggs Product Configurator For Woocommerce
Name of the Vulnerable Software and Affected Versions: Staggs Product Configurator for WooCommerce versions through 2.0.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS attacks...
WordPress plugin Staggs Product Configurator for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Staggs Product Configurator for WooCommerce Plugin < 1.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Staggs Product Configurator for WooCommerce Type Plugin Vulnerable versions 1.4.2 Fixed in 1.4.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 63876648fcb8 Credits Rafie...
WordPress WooCommerce plugin arbitrary file deletion vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WooCommerce plugin versions prior to 1.2.32 are vulnerable to arbitrary file deletion, which stems...
CVE-2022-1953
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...
CVE-2022-1953
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink without validation first...