6 matches found
CVE-2026-11364
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11364 Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CGA-96X4-56PP-7R72
Bulletin has no description...
CVE-2022-46858
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin = 0.6.0 versions...
CVE-2022-46858
CVE-2022-46858 affects the WordPress plugin Product Specifications for Woocommerce (Amin A. Rezapour) up to version 0.6.0 . The issue is an unauthenticated, reflected Cross-Site Scripting (XSS) via arbitrary query string parameters, enabling injected scripts when users visit a crafted URL. Public...
WordPress plugin Product Specifications for Woocommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...