Lucene search
K

959 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.3 views

EUVD-2026-20332

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.9AI score0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.3 views

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS0.0019EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS0.0019EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39662

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.9AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 8:30 a.m.11 views

CVE-2026-39662

The connected sources confirm CVE-2026-39662 relates to a Missing Authorization / Broken Access Control vulnerability in the WordPress plugin “Product Price by Formula for WooCommerce” (ProWCPlugins). Affected product: Product Price by Formula for WooCommerce; vulnerable component: the plugin’s a...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

WordPress plugin Product Price by Formula for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.6 views

PT-2026-31224

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS5.9AI score0.0019EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.3 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.10 views

PT-2026-27774

Name of the Vulnerable Software and Affected Versions EspoCRM versions prior to 9.3.4 Description The EspoCRM software contains a flaw due to the formula engine operating outside the field-level restriction layer, allowing writable access to fields marked as read-only, such as Attachment.sourceId...

9.1CVSS5.9AI score0.005EPSS
Exploits3References14
Packet Storm
Packet Storm
added 2026/03/25 12:0 a.m.165 views

📄 EspoCRM 9.3.3 Remote Code Execution / Path Traversal

EspoCRM versions 9.3.3 and below proof of concept remote code execution exploit that leverages formula ACL bypass, path traversal, and poisoning. !/bin/bash =========================================================================== EspoCRM command Example: ./poc.sh http://192.168.5.16:8090 admin...

6.5AI score0.005EPSS
Exploits3
Patchstack
Patchstack
added 2026/03/24 6:45 p.m.11 views

WordPress Woocommerce Custom Product Addons Pro plugin <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability

Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability discovered by Ren Voza in WordPress Plugin Woocommerce Custom Product Addons Pro versions = 5.4.1...

9.8CVSS5.9AI score0.00707EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/24 12:30 a.m.5 views

EUVD-2026-14652

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References3
NVD
NVD
added 2026/03/24 12:16 a.m.2 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS0.00707EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:25 p.m.3 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 11:25 p.m.30 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS0.00707EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/23 11:25 p.m.2 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References2
CVE
CVE
added 2026/03/23 11:25 p.m.23 views

CVE-2026-4001

The CVE-2026-4001 affects the WordPress plugin Woocommerce Custom Product Addons Pro, with Remote Code Execution via an unsafely handled custom pricing formula. The root cause is insufficient sanitization in process_custom_formula() (includes/process/price.php) where user input is passed to PHP e...

9.8CVSS6.3AI score0.00707EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.9 views

PT-2026-27265

Name of the Vulnerable Software and Affected Versions Woocommerce Custom Product Addons Pro versions prior to 5.4.2 Description The Woocommerce Custom Product Addons Pro plugin for WordPress is susceptible to Remote Code Execution. This occurs because of inadequate sanitization and validation of...

9.8CVSS6.3AI score0.00707EPSS
Exploits0References10
Rows per page
Query Builder