
4 matches found

Patchstack
added 2024/11/21 12:0 a.m., 12 views

WordPress Product Designer Plugin <= 1.0.35 is vulnerable to Cross Site Scripting (XSS)

Software: Product Designer
Type: Plugin
Vulnerable versions: <= 1.0.35
Fixed in: N/A
OWASP Top 10: A7: Cross-Site Scripting XSS
Classification: Cross Site Scripting XSS
CVE: CVE-2024-9111
Patch priority: Low
CVSS severity: Low 5.9
PSID: 972d8d8742f9
Credits: Francesco Carlucci...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00519
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/07 5:24 p.m., 19 views

CVE-2024-31277 WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32...

CVSS: 8.7 | AI score: 8.8 | EPSS: 0.00466
Exploits: 0 | References: 1
Prion
added 2022/04/19 9:15 p.m., 17 views

Cross site request forgery (CSRF)

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVSS: 6.8 | AI score: 8.6 | EPSS: 0.0058
Exploits: 0 | References: 2 | Affected Software: 1
WPVulnDB
added 2022/02/08 12:0 a.m., 25 views

Fancy Product Designer < 4.7.5 - Admin+ SQL Injection

The plugin is vulnerable to SQL Injection due to insufficient escaping and validation of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information...

CVSS: 7.2 | AI score: 4.8 | EPSS: 0.01418
Exploits: 1 | References: 1 | Affected Software: 1