CVE-2026-25455

Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through = 1.13.61...

CVE-2026-25455

CVE-2026-25455 affects the WordPress plugin pair: Product Slider, Product Grid, Product Masonry (WooCommerce Products Slider) by PickPlugins. The issue is Missing Authorization / broken access control allowing unauthorized actions, caused by incorrectly configured access security levels. Affected...

PT-2026-27951

Name of the Vulnerable Software and Affected Versions PickPlugins Product Slider for WooCommerce versions through 1.13.60 Description The software contains a flaw related to incorrectly configured access control security levels, leading to a missing authorization issue. This allows for potential...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. cross-site scripting vulnerability exists ...

Form Maker < 1.13.60 - Authenticated Stored XSS

The plugin does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue Create or edit a form and add the following payload in the Form Title field "autofocus onmouseover=alert/XSS///...