WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.1 - Unauthenticated Limited File Upload vulnerability

Unauthenticated Limited File Upload vulnerability discovered by Jamiryoo in WordPress Plugin WooCommerce Checkout Manager versions = 7.8.1...

CVE-2025-12500

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to unauthenticated limited file upload in all versions up to, and including, 7.8.1. This is due to the plugin not properly verifying that a user is authorized to perform file upload actions via the...

WordPress Checkout Field Manager (Checkout Manager) for WooCommerce plugin <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary Attachment Deletion vulnerability discovered by NosleeP++ in WordPress Plugin WooCommerce Checkout Manager versions = 7.8.5...

CVE-2025-13930 Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion

The Checkout Field Manager Checkout Manager for WooCommerce plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 7.8.5. This is due to the plugin not properly verifying that a user is authorized to delete an attachment combined with flawed guest order...

CVE-2019-11807

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...

EUVD-2019-3474

Malware in sbrugna...

EUVD-2023-51779

Malicious code in bioql PyPI...

CVE-2023-47681

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0...

WordPress Checkout Field Editor (Checkout Manager) for WooCommerce Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS)

Software Checkout Field Editor Checkout Manager for WooCommerce Type Plugin Vulnerable versions = 2.0.3 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8499 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...

CVE-2023-47681

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0...

CVE-2023-47681 WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0...

CVE-2023-47681 WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0...

WordPress plugin WooCommerce Checkout Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-31262

Cross-Site Request Forgery CSRF vulnerability in Jcodex WooCommerce Checkout Field Editor Checkout Manager.This issue affects WooCommerce Checkout Field Editor Checkout Manager: from n/a through 2.1.8...

CVE-2024-31262

CVE-2024-31262 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WooCommerce Checkout Field Editor (Checkout Manager) . The affected product is the Checkout Field Editor/Checkout Manager plugin for WooCommerce, with versions up to and including 2.1.8 (version range unsp...

WordPress WooCommerce Checkout Field Editor (Checkout Manager) plugin <= 2.1.8 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Skalucy Patchstack Alliance in WordPress Plugin WooCommerce Checkout Field Editor Checkout Manager versions = 2.1.8...

WordPress WooCommerce Checkout Field Editor (Checkout Manager) Plugin <= 2.1.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce Checkout Field Editor Checkout Manager Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.1.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31262 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID...

WordPress WooCommerce Checkout Manager Plugin <= 7.3.0 is vulnerable to Broken Access Control

Software WooCommerce Checkout Manager Type Plugin Vulnerable versions = 7.3.0 Fixed in 7.3.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-47681 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID b9559fa71258 Credits Rafie Muhammad...

CVE-2022-3490 Checkout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object Injection

The Checkout Field Editor Checkout Manager for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

Design/Logic Flaw

The WooCommerce Checkout Manager plugin before 4.3 for WordPress allows media deletion via the wp-admin/admin-ajax.php?action=updateattachmentwccm wccmdefaultkeysload parameter because of a nopriv registration and a lack of capabilities checks...