WordPress Product Designer plugin <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability

Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Product Designer versions = 1.0.36...

WordPress Product Designer Plugin <= 1.0.35 is vulnerable to Cross Site Scripting (XSS)

Software Product Designer Type Plugin Vulnerable versions = 1.0.35 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9111 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 972d8d8742f9 Credits Francesco Carlucci...

WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability

Arbitrary Content Deletion vulnerability discovered by Emili Castells Patchstack Alliance in WordPress Plugin Product Designer versions = 1.0.33...

WordPress Product Designer plugin <= 1.0.33 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Product Designer versions = 1.0.33...

WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin Product Designer versions = 1.0.32...