11 matches found
CVE-2020-36743
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated attackers to update...
CVE-2024-9170
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2024-39468 · WordPress · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions up to, and including, 7.2.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode due to insufficient input sanitization and output...
WordPress Booster for WooCommerce plugin <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode vulnerability
Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Booster for WooCommerce versions <= 7.2.3...
PT-2024-15121 · WordPress · Ean For Woocommerce
Name of the Vulnerable Software and Affected Versions: EAN for WooCommerce plugin for WordPress versions up to, and including, 4.9.2 Description: The issue allows authenticated attackers with contributor-level access and above to expose potentially sensitive post metadata due to missing validatio...
CVE-2020-36743
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated attackers to update...
CVE-2021-4392
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated...
CVE-2021-4392
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated...
CVE-2020-36743 Product Catalog Simple <= 1.5.13 - Cross-Site Request Forgery Bypass
The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated attackers to update...
CVE-2021-4392 eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta function. This makes it possible for unauthenticated...
PT-2023-12504 · WordPress · Ecommerce Product Catalog Plugin
Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions up to, and including, 2.9.43 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the implecode_save_products_meta function. Th...