9 matches found

Nuclei
added yesterday, 35 views

WOOF WordPress plugin - Cross-Site Scripting

The WOOF WordPress plugin does not sanitize or escape the woofredrawelements parameter before reflecting it back in an admin page, leading to reflected cross-site scripting. id: CVE-2021-25085 info: name: WOOF WordPress plugin - Cross-Site Scripting author: Maximus Decimus severity: medium...

CVSS 6.1, AI score 6.3, EPSS 0.03204
Exploits: 2, References: 4

Nuclei
added yesterday, 14 views

WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting

WordPress Active Products Tables for WooCommerce plugin prior to 1.0.5 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an...

CVSS 6.1, AI score 6.4, EPSS 0.04572
Exploits: 1, References: 4

Nuclei
added 2 days ago, 17 views

WordPress InPost Gallery <2.1.4.1 - Local File Inclusion

WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on...

CVSS 9.8, AI score 7.5, EPSS 0.88041
Exploits: 2, References: 5

NVD
added 2026/05/07 11:15 a.m., 2 views

CVE-2026-27415

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

CVSS 4.3, EPSS 0.00016
Exploits: 0, References: 1

Positive Technologies
added 2026/05/07 12:00 a.m., 5 views

PT-2026-38416

Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery. This issue affects BEAR: from n/a through 1.1.5...

CVSS 4.3, AI score 5.8, EPSS 0.00016
Exploits: 0, References: 2

NVD
added 2024/05/17 9:15 a.m., 11 views

CVE-2024-32680

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of Code ('Code Injection') vulnerability in PluginUS HUSKY – Products Filter for WooCommerce (formerly WOOF) allows Using Malicious Files, Code Inclusion. This issue affects HUSKY – Products...

CVSS 8.8, AI score 8.8, EPSS 0.0248
Exploits: 0, References: 1

CVE
added 2024/05/17 8:59 a.m., 113 views

CVE-2024-32680

CVE-2024-32680 refers to a vulnerability in the HUSKY – Products Filter for WooCommerce plugin (formerly WOOF) for WordPress. The issue is described as an authenticated remote code execution via path traversal and code injection, affecting versions up to 1.3.5.2. Connected sources indicate this v...

CVSS 8.8, AI score 6.8, EPSS 0.0248
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2024/02/08 2:15 p.m., 1 view

CVE-2024-24834

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for...

CVSS 4.8, AI score 7.3
Exploits: 0, References: 1

CNNVD
added 2023/05/28 12:00 a.m., 1 view

WordPress plugin BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

CVSS 8.8, AI score 8.1, EPSS 0.00094
Exploits: 0, References: 2