Lucene search
+L

1137 matches found

Patchstack
Patchstack
added 2026/05/01 9:16 a.m.11 views

WordPress Role Based Pricing for Woo by Meow Crew plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WooCommerce Role Based Pricing by Meow Crew versions = 1.6.0...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/29 2:48 p.m.8 views

CVE-2026-39704

Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/...

5.3CVSS5.1AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 9:31 p.m.8 views

EUVD-2026-22911

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.8AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/17 11:26 p.m.4 views

CVE-2026-2262

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS5.7AI score0.0239EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/04/17 11:26 p.m.245 views

CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API

The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...

7.5CVSS0.0239EPSS
Exploits1References6
CVE
CVE
added 2026/04/17 11:26 p.m.29 views

CVE-2026-2262

The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...

7.5CVSS5.7AI score0.0239EPSS
Exploits1References6
Patchstack
Patchstack
added 2026/04/16 10:31 a.m.9 views

WordPress Product Pricing Table by WooBeWoo plugin <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability

Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Product Pricing Table by WooBeWoo versions = 1.1.0...

6.1CVSS5.8AI score0.00126EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/15 12:16 p.m.6 views

CVE-2026-1852

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 11:30 a.m.5 views

CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.8AI score0.00126EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:30 a.m.7 views

CVE-2026-1852

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.8AI score0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 11:30 a.m.30 views

CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 11:30 a.m.3 views

CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion

The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00126EPSS
Exploits0References4
CVE
CVE
added 2026/04/15 11:30 a.m.26 views

CVE-2026-1852

Summary: CVE-2026-1852 affects the Product Pricing Table by WooBeWoo WordPress plugin. It is a Cross-Site Request Forgery (CSRF) vulnerability with stored XSS implications due to missing/incorrect nonce validation on the updateLabel() and remove() functions, in all versions up to 1.1.0. This allo...

6.1CVSS5.8AI score0.00126EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.11 views

WordPress plugin Product Pricing Table by WooBeWoo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.1CVSS5.9AI score0.00126EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.11 views

PT-2026-33055

Name of the Vulnerable Software and Affected Versions Product Pricing Table by WooBeWoo versions prior to 1.1.1 Description The Product Pricing Table by WooBeWoo plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing or incorrect nonce validation i...

6.1CVSS5.7AI score0.00126EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 3:16 p.m.14 views

CVE-2026-37592

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/managepricing.php...

2.7CVSS0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/04/14 3:38 a.m.8 views

WordPress WholeSale Products Dynamic Pricing Management WooCommerce plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WholeSale Products Dynamic Pricing Management WooCommerce versions = 1.2...

4.4CVSS5.8AI score0.00157EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/14 3:37 a.m.1 views

CVE-2026-4479 WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.9AI score0.00157EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 3:37 a.m.1 views

CVE-2026-4479

The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.4CVSS5.9AI score0.00157EPSS
Exploits0References3
CVE
CVE
added 2026/04/14 3:37 a.m.25 views

CVE-2026-4479

CVE-2026-4479 concerns the WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress. Affected versions: all up to and including 1.2. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. Explo...

4.4CVSS5.9AI score0.00157EPSS
Exploits0References2
Rows per page
Query Builder