10 matches found

RedhatCVE
•added 2026/03/26 2:59 p.m.•1 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the process_custom_formula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
Exploits 0 • References 1
Patchstack
•added 2026/03/24 6:45 p.m.•6 views

WordPress Woocommerce Custom Product Addons Pro plugin <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability

Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability discovered by Ren Voza in WordPress Plugin Woocommerce Custom Product Addons Pro versions <= 5.4.1...

CVSS 9.8 • AI score 5.9 • EPSS 0.00209
Exploits 0 • References 1 • Affected Software 1
EUVD
•added 2026/03/24 12:30 a.m.•3 views

EUVD-2026-14652

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the process_custom_formula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
Exploits 0 • References 3
Cvelist
•added 2026/03/23 11:25 p.m.•25 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the process_custom_formula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 • EPSS 0.00209
Exploits 0 • References 2
ATTACKERKB
•added 2026/03/23 11:25 p.m.•2 views

CVE-2026-4001

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the process_custom_formula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
Exploits 0 • References 3
Vulnrichment
•added 2026/03/23 11:25 p.m.•1 views

CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula

The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the process_custom_formula function within includes/process/price.php. This is due to insufficient sanitization an...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
Exploits 0 • References 2
CVE
•added 2026/03/23 11:25 p.m.•13 views

CVE-2026-4001

CVE-2026-4001 affects the WordPress plugin Woocommerce Custom Product Addons Pro, with Remote Code Execution via an unsafely handled custom pricing formula. The root cause is insufficient sanitization in process_custom_formula() (includes/process/price.php) where user input is passed to PHP e...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
In wild • Exploits 0 • References 2
Positive Technologies
•added 2026/03/23 12:00 a.m.•2 views

PT-2026-27265

Name of the Vulnerable Software and Affected Versions: Woocommerce Custom Product Addons Pro versions prior to 5.4.2. Description: The Woocommerce Custom Product Addons Pro plugin for WordPress is susceptible to Remote Code Execution. This occurs because of inadequate sanitization and validation of...

CVSS 9.8 • AI score 6.3 • EPSS 0.00209
Exploits 0 • References 10
Code423n4
•added 2022/12/19 12:00 a.m.•9 views

LP pricing formula is vulnerable to flash loan manipulation

Lines of code. Vulnerability details. Impact: The LP pricing formula used in the buyQuote, sellQuote, addQuote, removeQuote functions of Pair.sol contract is vulnerable to flash loan manipulation. Proof of Concept: The baseTokenReserves calculates the current balance of base token reserves. This...

AI score 6.7
Exploits 0
Code423n4
•added 2022/09/08 12:00 a.m.•11 views

TWAP LP price manipulation

Lines of code. Vulnerability details. Impact: The total value locked sum of the pair is used to price the LP. But the reserves of the underlying can be easily influenced by flashloan, then the TVL can vary dramatically. Just like what happened before here Warp. Although getPriceLP uses TWAP to calcula...

AI score 6.7
Exploits 0