40 matches found
EUVD-2026-36946
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
CVE-2026-39499
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
CVE-2026-39499
The connected PatchStack entry documents a PHP Object Injection vulnerability in the WordPress plugin “Advanced Product Fields (Product Addons) for WooCommerce” (versions
CVE-2026-39499 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
PT-2026-49386
Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...
CVE-2026-39428
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-39428
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
EUVD-2026-30157
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-39428 CubeCart: Stored Cross-Site Scripting (XSS)
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-39428
CubeCart CVE-2026-39428: A Stored XSS vulnerability affected CubeCart v6.x prior to 6.6.0, where an admin could inject JavaScript into product fields during creation/modification. Payloads stored in the database could execute when users (customers or admins) view affected product pages, potential...
PT-2026-40804
CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...
CVE-2026-5111
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state...
WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Advanced Product Fields Product Addons for WooCommerce versions = 1.6.19...
CVE-2026-32457
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...
EUVD-2026-12013
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...
CVE-2026-32457
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...
CVE-2026-32457
CVE-2026-32457 concerns a "Missing Authorization" (Broken Access Control) vulnerability in the WordPress plugin Advanced Product Fields (Product Addons) for WooCommerce . Affected versions are from n/a through
CVE-2026-32457 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...
CVE-2026-32457 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...