
24 matches found

RedhatCVE
added 2026/02/19 7:28 a.m. | 2 views

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVSS 7.2 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 1

Patchstack
added 2026/02/18 8:8 a.m. | 4 views

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability

WordPress Product Addons for Woocommerce - Product Options with Custom Fields plugin <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter vulnerability discovered by Phap Nguyen Anh - FIS in WordPress Plugin Product Addons for Woocommerce versions <= 3.1....

CVSS 7.2 | AI score 5.5 | EPSS 0.0003
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/02/18 7:16 a.m. | 2 views

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVSS 7.2 | EPSS 0.0003
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/18 6:42 a.m. | 3 views

CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVSS 7.2 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 6

CVE
added 2026/02/18 6:42 a.m. | 7 views

CVE-2026-2296

CVE-2026-2296 affects the WordPress plugin Product Addons for Woocommerce – Product Options with Custom Fields (all versions up to 3.1.0). The root cause is insufficient validation of the 'operator' field in conditional logic rules, where unsanitized input is passed to PHP eval() inside evalCondi...

CVSS 7.2 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/18 6:42 a.m. | 3 views

CVE-2026-2296

The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions...

CVSS 7.2 | AI score 6.1 | EPSS 0.0003
Exploits: 0 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-3334

Malware in sbrugna...

CVSS 8 | AI score 8 | EPSS 0.00067
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2021-29707

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.7 | EPSS 0.00237
Exploits: 1 | References: 2

CNVD
added 2025/07/25 12:0 a.m. | 2 views

WordPress Extensions For CF7 Plugin Path Traversal Vulnerability

WordPress Extensions For CF7 Plugin is a plugin that extends the functionality of Contact Form 7, mainly used to enhance the database management, conditional logic processing and user guidance capabilities of native forms. The WordPress Extensions For CF7 Plugin suffers from a path traversal...

CVSS 8.1 | AI score 7 | EPSS 0.01474
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:47 p.m. | 3 views

CVE-2021-42749

In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...

CVSS 5.3 | AI score 6.9 | EPSS 0.00237
Exploits: 1

RedhatCVE
added 2025/05/22 6:34 p.m. | 4 views

CVE-2021-24546

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low as contributor to execute arbitrary PHP code...

CVSS 8.8 | AI score 7 | EPSS 0.0097
Exploits: 2 | References: 1

Veracode
added 2025/04/24 4:41 a.m. | 6 views

Denial Of Service (DoS)

http-proxy-middleware is vulnerable to Denial Of Service (DoS). The vulnerability is caused by improper conditional logic, namely the absence of an "else if", which allows an attacker to trigger writeBody twice and potentially disrupt normal application behavior...

CVSS 5.3 | AI score 6.6 | EPSS 0.00059
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 6 views

WordPress Rocket Addons – Conditional logic and form addons for Elementor Pro Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: Rocket Addons – Conditional logic and form addons for Elementor Pro; Type: Plugin; Vulnerable versions: <= 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID...

AI score 6.3
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2023/07/18 12:0 a.m. | 4 views

WordPress Conditional Logic for Woo Product Add-ons Plugin < 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software: Conditional Logic for Woo Product Add-ons; Type: Plugin; Vulnerable versions: < 1.2.1; Fixed in: 1.2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 80418579c1aa; Credits: Rafie...

AI score 6.9
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/02/28 12:0 a.m. | 14 views

WordPress Rocket Addons – Conditional logic and form addons for Elementor Pro plugin <= 1.0.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Rocket Addons – Conditional logic and form addons for Elementor Pro plugin versions <= 1.0.1. Solution: No patched version available...

AI score 2.5
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2022/01/10 2:10 p.m. | 9 views

CVE-2021-42749

In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...

CVSS 5.3 | EPSS 0.00237
Exploits: 1 | References: 2

Prion
added 2022/01/10 2:10 p.m. | 10 views

Xxe

In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...

CVSS 5 | AI score 5.3 | EPSS 0.00237
Exploits: 1 | References: 2

CNNVD
added 2022/01/10 12:0 a.m. | 0 views

WordPress plugin security vulnerability

WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in WordPress plugin, which originates in Beaver Themer, and can be exploited by an attacker to bypass conditional logic controls used to hide content when viewing a post archive, utilizing the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 1 | References: 3

CVE
added 2022/01/07 6:9 p.m. | 36 views

CVE-2021-42749

CVE-2021-42749 affects Beaver Themer (WordPress plugin). The vulnerability lets attackers bypass conditional logic controls used to hide content when viewing post archives, provided a Themer layout is applied to the archives and the post excerpt field is not set. This is a straightforward logic b...

CVSS 5.3 | AI score 5.3 | EPSS 0.00237
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/01/07 6:9 p.m. | 12 views

CVE-2021-42749

In Beaver Themer, attackers can bypass conditional logic controls for hiding content when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set...

AI score 5.6 | EPSS 0.00237
Exploits: 1 | References: 2