📄 PPOM for WooCommerce 33.0.15 SQL Injection / Code Execution

This is an extensive exploit that leverages a remote SQL injection vulnerability in PPOM for WooCommerce version 33.0.15 to also achieve remote code execution and local file inclusion...

CVE-2025-66069

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2025-66069

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2025-66069

CVE-2025-66069 (WordPress PPOM for WooCommerce) is a Missing Authorization / Broken Access Control vulnerability affecting PPOM for WooCommerce versions up to 33.0.16. The issue, reported by Legion Hunter, arises from incorrectly configured access controls in the woocommerce-product-addon feature...

CVE-2025-66069 WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

WordPress plugin PPOM for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin PPOM for WooCommerce versions = 33.0.16...

CVE-2025-11691

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

EUVD-2025-34971

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVE-2025-11691

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVE-2025-11691

The CVE-2025-11691 entry concerns the PPOM – Product Addons & Custom Fields for WooCommerce WordPress plugin. A SQL Injection exists in PPOM_Meta::get_fields_by_id() for all versions up to 33.0.15 due to insufficient escaping of user input and inadequate query preparation. The vulnerability is ex...

CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

WordPress PPOM – Product Addons & Custom Fields for WooCommerce plugin <= 33.0.15 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Talal Nasraddeen in WordPress Plugin PPOM for WooCommerce versions = 33.0.15...

WordPress plugin PPOM – Product Addons & Custom Fields for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress plugin PPOM – Product Addons & Custom Fields for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

EUVD-2024-35486

Malicious code in bioql PyPI...

EUVD-2025-3863

Malicious code in bioql PyPI...

CVE-2025-24668

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Stored XSS.This issue affects PPOM for WooCommerce: from n/a through = 33.0.8...

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through 32.0.20...

CVE-2024-3962

The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppomuploadfile function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files...