2 matches found
CVE-2026-14500
The CVE-2026-14500 entry concerns the Bulk Order Update for WooCommerce plugin for WordPress (
EUVD-2026-42175
The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...