CVE-2026-32457

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...

WordPress Woocommerce Custom Product Addons Pro plugin <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability

Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability discovered by Ren Voza in WordPress Plugin Woocommerce Custom Product Addons Pro versions = 5.4.1...

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

CVE-2026-32372 WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

CVE-2026-32372

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

PT-2026-25219

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons shopbuilder allows Retrieve Embedded Sensitive Data.This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through =...

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin = 3.1.0 - Authenticated Shop Manager+ Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions = 3.1....

CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVE-2025-62748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder vc-addons-by-bit14 allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through = 1.5...

CVE-2025-62748

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder vc-addons-by-bit14 allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through = 1.5...

CVE-2025-62748 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.5...

CVE-2025-62748 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder vc-addons-by-bit14 allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through = 1.5...

WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Web and WooCommerce Addons for WPBakery Builder versions = 1.5...

PT-2025-54307

Name of the Vulnerable Software and Affected Versions Genetech Products Web and WooCommerce Addons for WPBakery Builder versions through 1.5 Description The software contains a flaw related to improper input handling during web page creation, leading to a DOM-Based Cross-site Scripting issue. Thi...

EUVD-2025-202267

The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...

EUVD-2024-35077

Malicious code in bioql PyPI...

EUVD-2024-40609

Malicious code in bioql PyPI...

CVE-2024-43960

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6...

CVE-2024-43960 WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Page Builder Addons Web and WooCommerce Addons for WPBakery Builder allows Stored XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.4.6...