CVE-2026-49061

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

EUVD-2026-36870

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

PT-2026-49500

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Mitchell in WordPress Plugin WPC Product Options for WooCommerce versions = 3.2.1...

EUVD-2026-26741

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

CVE-2025-13391 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

EUVD-2025-198473

Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through = 33.0.16...

CVE-2025-60248

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 3.1.3...

EUVD-2025-38100

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 1.8.6...

CVE-2025-60248 WordPress WPC Product Options for WooCommerce plugin <= 3.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 3.1.3...

CVE-2025-60248

CVE-2025-60248 affects the WordPress plugin WPC Product Options for WooCommerce (WPClever) up to version 1.8.6. The issue is described as an improper control of filename for include/require statements, leading to PHP Local File Inclusion (LFI) via a PHP Remote File Inclusion vector. The CVSS vect...

CVE-2025-60248 WordPress WPC Product Options for WooCommerce plugin <= 3.1.3 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 3.1.3...

PT-2025-45288

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 1.8.6...

WordPress plugin WPC Product Options for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2025-30886

Malicious code in bioql PyPI...

EUVD-2024-35485

Malicious code in bioql PyPI...

EUVD-2024-29798

Malicious code in bioql PyPI...

CVE-2025-10412 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.55 - Unauthenticated Arbitrary File Upload via 'uni_cpo_upload_file'

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'unicpouploadfile' function in all versions up to, and including, 4.9.55. This makes it possible for...