11 matches found
EUVD-2025-8401
Malicious code in bioql PyPI...
WordPress plugin Upsell Funnel Builder for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
Exploit for CVE-2025-30772
🚨 CVE-2025-30772 - Privilege Escalation in WPC Smart Upsell Fu...
WordPress WPC Smart Upsell Funnel for WooCommerce 3.0.4 Privilege Escalation
A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges e.g., subscriber to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint...
WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Arbitrary Option Update to Privilege Escalation vulnerability discovered by LVT-tholv2k in WordPress Plugin WPC Smart Upsell Funnel for WooCommerce versions = 3.0.4...
CVE-2025-30772 WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through = 3.0.4...
PT-2025-13058 · Woocommerce · Wpc Smart Upsell Funnel
Name of the Vulnerable Software and Affected Versions: WPC Smart Upsell Funnel for WooCommerce versions 3.0.4 and earlier Description: The issue is related to a Missing Authorization vulnerability that allows Privilege Escalation in WPC Smart Upsell Funnel for WooCommerce. This vulnerability can ...
WordPress plugin WPC Smart Upsell Funnel for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-11938 One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode
The One Click Upsell Funnel for WooCommerce – Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's...
CVE-2024-11938
CVE-2024-11938 affects the One Click Upsell Funnel for WooCommerce – Free Funnel Builder to create WooCommerce Upsell (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wps_wocuf_pro_yes shortcode attributes, caused by insufficient input sanitization and output e...
WordPress One Click Upsell Funnel for WooCommerce plugin <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via wpswocufproyes Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin One Click Upsell Funnel for WooCommerce versions = 3.4.9...