WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting

The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in ...

CVE-2025-66069

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2025-66069

CVE-2025-66069 (WordPress PPOM for WooCommerce) is a Missing Authorization / Broken Access Control vulnerability affecting PPOM for WooCommerce versions up to 33.0.16. The issue, reported by Legion Hunter, arises from incorrectly configured access controls in the woocommerce-product-addon feature...

CVE-2025-66069 WordPress PPOM for WooCommerce plugin <= 33.0.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...

WordPress woocommerce-product-addon plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. woocommerce-product-addon plugin is a product specification selection plugin for e-commerce used in it. A cross-site scripting...

CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...

CVE-2019-14948

The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure...

PT-2019-13885 · Woocommerce · Woocommerce Product Add-Ons

Name of the Vulnerable Software and Affected Versions: woocommerce-product-addon plugin version prior to 18.4 Description: The issue allows for XSS via an import of a new meta data structure. Recommendations: For versions prior to 18.4, update to version 18.4 or later to resolve the issue...