Lucene search
K

239 matches found

NVD
NVD
added 2026/07/08 12:17 p.m.11 views

CVE-2026-12936

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 11:30 a.m.10 views

CVE-2026-12936

The CVE-2026-12936 relates to the Recurio – Ultimate Subscription for WooCommerce WordPress plugin. It describes a generic SQL Injection via the 'data' parameter in all versions up to and including 1.1.3 , caused by insufficient escaping and inadequate query preparation. With shop manager-level a...

4.9CVSS6AI score0.00266EPSS
Exploits0References4
NVD
NVD
added 2026/07/02 10:16 a.m.11 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS0.00263EPSS
Exploits1References8
CVE
CVE
added 2026/07/02 8:33 a.m.13 views

CVE-2026-10104

The Product Video Gallery for Woocommerce plugin (WordPress) is affected up to version 1.5.1.8 by a Stored Cross-Site Scripting flaw in the custom_thumbnail parameter, caused by insufficient input sanitization and output escaping. Exploitation requires shop manager-level access or higher (authent...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
EUVD
EUVD
added 2026/07/02 8:33 a.m.9 views

EUVD-2026-41269

The Product Video Gallery for Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via customthumbnail Parameter in all versions up to, and including, 1.5.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

4.4CVSS5.9AI score0.00263EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.8 views

PT-2026-54937

Name of the Vulnerable Software and Affected Versions Product Video Gallery for Woocommerce versions prior to 1.5.1.9 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with shop manager-level access or higher can...

4.4CVSS6.1AI score0.00263EPSS
Exploits1References13
NVD
NVD
added 2026/06/18 8:16 a.m.11 views

CVE-2026-12137

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 6:50 a.m.29 views

CVE-2026-12137

The CVE concerns the WordPress plugin SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager. It is vulnerable to a Reflected Cross-Site Scripting (XSS) via the tab parameter in all versions up to and including 4.3.6, caused by insufficient input sanitization...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 6:50 a.m.10 views

EUVD-2026-37861

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 6:50 a.m.32 views

CVE-2026-12137 SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and output escaping. Thi...

6.1CVSS0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 6:16 a.m.13 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
EUVD
EUVD
added 2026/06/18 5:34 a.m.14 views

EUVD-2026-37844

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References14
ATTACKERKB
ATTACKERKB
added 2026/06/18 5:34 a.m.9 views

CVE-2026-11360

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS5.8AI score0.00369EPSS
Exploits0References15
CVE
CVE
added 2026/06/18 5:34 a.m.29 views

CVE-2026-11360

The CVE-2026-11360 entry concerns the WordPress plugin Advanced Order Export For WooCommerce (WooCommerce), affected up to version 4.0.10. The vulnerability is a generic SQL Injection via the sort_direction parameter caused by insufficient escaping and inadequate SQL query preparation. Exploitati...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.39 views

CVE-2026-11360 Advanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' Parameter

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00369EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/06/17 4:45 p.m.8 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated Shop Manager+ SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions = 4.0.10...

4.9CVSS5.9AI score0.00369EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36946

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36945

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

7.2CVSS5.3AI score0.00359EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36924

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

7.2CVSS5.3AI score0.00446EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39499

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

7.2CVSS0.00446EPSS
Exploits0References1
Rows per page
Query Builder