2 matches found
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...
CVE-2025-14509
CVE-2025-14509 (Lucky Wheel for WooCommerce – Spin a Sale) is a PHP code injection flaw in the plugin that uses eval() to execute unsanitized input from the Conditional Tags setting. It affects all versions up to 1.1.13, enabling authenticated attackers with Administrator-level access (and, in Wo...