196 matches found
CVE-2025-31553
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a...
CVE-2025-31848
Missing Authorization vulnerability in WPFactory Adverts adverts-click-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Adverts: from n/a through = 1.4...
CVE-2025-31848
CVE-2025-31848 is a Missing Authorization vulnerability in the WordPress Adverts Plugin (WPFactory) related to the Adverts Click Tracker. Public data indicates impact on the plugin version range “n/a through 1.4” with a CVSS 3.1 base score of 5.3 (Medium) and the attack vector as network, no user...
PT-2025-14425 · WordPress · Wpfactory Advanced Woocommerce Product Sales Reporting
Name of the Vulnerable Software and Affected Versions: WPFactory Advanced WooCommerce Product Sales Reporting versions 3.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2025-14226 · WordPress · Wpfactory Wordpress Adverts Plugin
Name of the Vulnerable Software and Affected Versions: WPFactory WordPress Adverts Plugin versions 1.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: F...
CVE-2025-31598
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce wholesale-pricing-woocommerce allows Stored XSS.This issue affects Quantity Dynamic Pricing & Bulk Discounts for WooCommerce: fro...
CVE-2025-31598 WordPress Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin <= 4.0.3 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Quantity Dynamic Pricing & Bulk Discounts for WooCommerce wholesale-pricing-woocommerce allows Stored XSS.This issue affects Quantity Dynamic Pricing & Bulk Discounts for WooCommerce: fro...
CVE-2025-31598
CVE-2025-31598 is a stored XSS in the WordPress plugin “Quantity Dynamic Pricing & Bulk Discounts for WooCommerce” (
CVE-2025-22673
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through = 5.3.5...
CVE-2025-30781
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through = 3.7.1...
CVE-2025-22673
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through = 5.3.5...
CVE-2025-22673 WordPress EAN Barcode Generator <= 5.3.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through = 5.3.5...
CVE-2025-30781
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through = 3.7.1...
CVE-2025-30781
CVE-2025-30781 concerns the Scheduled & Automatic Order Status Controller for WooCommerce. It describes an Open Redirect vulnerability that could enable phishing by redirecting users to untrusted sites. Affected software ranges “from n/a through 3.7.1.” Connected vulnerability listings indicate t...
CVE-2025-30781 WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in WPFactory Scheduled & Automatic Order Status Controller for WooCommerce order-status-rules-for-woocommerce allows Phishing.This issue affects Scheduled & Automatic Order Status Controller for WooCommerce: from n/a through = 3.7.1...
CVE-2024-43127
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPFactory Products, Order & Customers Export for WooCommerce allows Reflected XSS.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.11...
CVE-2024-56228
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce.This issue affects Wishlist for WooCommerce: from n/a through = 3.1.2...
CVE-2024-49305
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through = 2.8.10...
CVE-2024-54332
Cross-Site Request Forgery CSRF vulnerability in WPFactory WP Currency Exchange Rates wp-currency-exchange-rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through = 1.2.0...
CVE-2024-54209
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Awesome Shortcodes awesome-shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through = 1.7.2...