2 matches found
CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...
CVE-2025-54019 WordPress Alone < 7.8.5 - Arbitrary Code Execution Vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Beplusthemes Alone alone allows Code Injection.This issue affects Alone: from n/a through 7.8.5...