1137 matches found
WordPress Role Based Pricing for Woo by Meow Crew plugin <= 1.6.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin WooCommerce Role Based Pricing by Meow Crew versions = 1.6.0...
CVE-2026-39704
Missing Authorization vulnerability in nfusionsolutions Precious Metals Automated Product Pricing – Pro precious-metals-automated-product-pricing-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Precious Metals Automated Product Pricing – Pro: from n/...
EUVD-2026-22911
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-2262
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-2262 Easy Appointments <= 3.12.21 - Unauthenticated Sensitive Information Exposure via REST API
The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the /wp-json/wp/v2/eablocks/eaappointments/ REST API endpoint. This is due to the endpoint being registered with 'permissioncallback' = 'returntrue', which...
CVE-2026-2262
The Easy Appointments WordPress plugin (up to version 3.12.21) exposes sensitive customer data via the REST endpoint /wp-json/wp/v2/eablocks/ea_appointments/ because permission_callback is set to __return_true. This allows unauthenticated access to full names, email addresses, phone numbers, IP a...
WordPress Product Pricing Table by WooBeWoo plugin <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability
Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Product Pricing Table by WooBeWoo versions = 1.1.0...
CVE-2026-1852
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-1852
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-1852 Product Pricing Table by WooBeWoo <= 1.1.0 - Cross-Site Request Forgery to Stored XSS and Pricing Table Deletion
The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the updateLabel and remove functions. This makes it possible for unauthenticated attackers to...
CVE-2026-1852
Summary: CVE-2026-1852 affects the Product Pricing Table by WooBeWoo WordPress plugin. It is a Cross-Site Request Forgery (CSRF) vulnerability with stored XSS implications due to missing/incorrect nonce validation on the updateLabel() and remove() functions, in all versions up to 1.1.0. This allo...
WordPress plugin Product Pricing Table by WooBeWoo 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-33055
Name of the Vulnerable Software and Affected Versions Product Pricing Table by WooBeWoo versions prior to 1.1.1 Description The Product Pricing Table by WooBeWoo plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing or incorrect nonce validation i...
CVE-2026-37592
Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/managepricing.php...
WordPress WholeSale Products Dynamic Pricing Management WooCommerce plugin <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via Plugin Settings vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin WholeSale Products Dynamic Pricing Management WooCommerce versions = 1.2...
CVE-2026-4479 WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4479
The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2026-4479
CVE-2026-4479 concerns the WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress. Affected versions: all up to and including 1.2. The vulnerability is a Stored Cross-Site Scripting flaw in admin settings caused by insufficient input sanitization and output escaping. Explo...