196 matches found
CVE-2025-49987
Missing Authorization vulnerability in WPFactory CRM ERP Business Solution crm-erp-business-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CRM ERP Business Solution: from n/a through = 1.13...
CVE-2025-49987
CVE-2025-49987 is a Missing Authorization (Broken Access Control) vulnerability in the WPFactory CRM ERP Business Solution WordPress plugin, affecting versions up to 1.13. The issue stems from improperly configured access control, allowing unauthorized users to exploit protections and access or m...
PT-2025-26355 · Wpfactory · Wpfactory Crm Erp Business Solution
Name of the Vulnerable Software and Affected Versions: WPFactory CRM ERP Business Solution versions 1.13 and earlier Description: The issue is related to a Missing Authorization vulnerability, allowing exploitation of incorrectly configured access control security levels. Recommendations: For...
CVE-2025-49510
Cross-Site Request Forgery CSRF vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through = 5.1.0...
CVE-2025-49510
Cross-Site Request Forgery CSRF vulnerability in WPFactory Min Max Step Quantity Limits Manager for WooCommerce product-quantity-for-woocommerce allows Cross Site Request Forgery.This issue affects Min Max Step Quantity Limits Manager for WooCommerce: from n/a through = 5.1.0...
CVE-2025-49510
CVE-2025-49510 is a CSRF vulnerability in the WordPress plugin Min Max Step Quantity Limits Manager for WooCommerce. Affected versions are up to and including 5.1.0. Remediation is available in version 5.1.0 (patched). No exploitation details are provided in the connected documents.
CVE-2024-8656
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
CVE-2024-31276
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8...
CVE-2023-36689
Unauth. Reflected Cross-Site Scripting XSS vulnerability in WPFactory WPFactory Helper plugin = 1.5.2 versions...
CVE-2023-51399
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3...
CVE-2023-23868
Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6...
CVE-2025-48240
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Cost of Goods for WooCommerce cost-of-goods-for-woocommerce allows Stored XSS.This issue affects Cost of Goods for WooCommerce: from n/a through = 3.7.0...
CVE-2025-48253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shippin...
CVE-2025-48239
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Product Notes Tab & Private Admin Notes for WooCommerce product-notes-for-woocommerce allows Stored XSS.This issue affects Product Notes Tab & Private Admin Notes for WooCommerce: from n/...
CVE-2025-48248
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products global-shop-discount-for-woocommerce allows Stored XSS.This issue affects Sitewide Discount for WooCommerce: Apply Discou...
CVE-2025-48251
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Additional Custom Emails & Recipients for WooCommerce custom-emails-for-woocommerce allows Stored XSS.This issue affects Additional Custom Emails & Recipients for WooCommerce: from n/a...
CVE-2025-48237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through = 3.2.2...
CVE-2025-48252
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through = 1.6.8...
CVE-2025-48249
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Stored XSS.This issue affects EAN for WooCommerce: from n/a through = 5.4.6...
CVE-2025-48250
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Coupons & Add to Cart by URL Links for WooCommerce url-coupons-for-woocommerce-by-algoritmika allows Stored XSS.This issue affects Coupons & Add to Cart by URL Links for WooCommerce: from...