
16 matches found

RedhatCVE
added 2025/12/07 6:5 a.m. · 4 views

CVE-2025-13137

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotivlimit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 5.6 AI score · 0.00106 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/12/06 5:49 a.m. · 3 views

CVE-2025-13137 Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotivlimit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 5.3 AI score · 0.00106 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/12/06 12:0 a.m. · 3 views

PT-2025-49338

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'woomotiv limit' parameter in all versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1 CVSS · 5.6 AI score · 0.00106 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-50839

Malicious code in bioql PyPI...

7.5 CVSS · 8.7 AI score · 0.00708 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 9:59 a.m. · 3 views

CVE-2024-1325

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated...

4.3 CVSS · 6.4 AI score · 0.00075 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 10:27 a.m. · 2 views

CVE-2024-12416

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 7.5 AI score · 0.00708 EPSS
Exploits 0 · References 1

NVD
added 2025/01/07 4:15 a.m. · 5 views

CVE-2024-12416

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 0.00708 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/01/07 3:21 a.m. · 7 views

CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 7.8 AI score · 0.00708 EPSS
Exploits 0 · References 4

CVE
added 2025/01/07 3:21 a.m. · 42 views

CVE-2024-12416

CVE-2024-12416 affects the WordPress plugin “Live Sales Notification for Woocommerce – Woomotiv.” The vulnerability is an SQL Injection via the cookie parameter woomotiv_seen_products_.*, affecting all versions up to 3.6.1. Root cause: insufficient escaping of user-supplied data and lack of prope...

7.5 CVSS · 7.7 AI score · 0.00708 EPSS
Exploits 0 · References 2

Cvelist
added 2025/01/07 3:21 a.m. · 10 views

CVE-2024-12416 Woomotiv <= 3.6.1 - Unauthenticated SQL Injection

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotivseenproducts.' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

7.5 CVSS · 0.00708 EPSS
Exploits 0 · References 2

CNNVD
added 2025/01/07 12:0 a.m. · 1 views

WordPress plugin Woomotiv SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin...

7.5 CVSS · 8.8 AI score · 0.00708 EPSS
Exploits 0 · References 4

Patchstack
added 2025/01/06 5:2 p.m. · 3 views

WordPress Woomotiv plugin <= 3.6.1 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Frissi0n in WordPress Plugin Live Sales Notification for Woocommerce - Woomotiv versions <= 3.6.1...

7.5 CVSS · 8.1 AI score · 0.00708 EPSS
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/03/20 7:15 a.m. · 1 views

CVE-2024-1325

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated...

4.3 CVSS · 5.7 AI score
Exploits 0 · References 3

CNNVD
added 2024/03/20 12:0 a.m. · 1 views

WordPress Plugin Woomotiv Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

4.3 CVSS · 6.6 AI score · 0.00075 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/03/20 12:0 a.m. · 2 views

PT-2024-17945 · Woomotiv · Live Sales Notification For Woocommerce – Woomotiv

Name of the Vulnerable Software and Affected Versions: Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress versions up to, and including, 3.4.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax cancel revie...

4.3 CVSS · 9.3 AI score · 0.00075 EPSS
Exploits 1 · References 5

WPVulnDB
added 2024/03/19 12:0 a.m. · 20 views

Woomotiv < 3.5.0 - Review Count Reset via CSRF

Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrato...

4.3 CVSS · 4.7 AI score · 0.00075 EPSS
Exploits 1 · References 1 · Affected Software 1