CVE-2026-29175

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

PT-2026-24417

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

PT-2026-24624

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

CVE-2023-29174

Missing Authorization vulnerability in NervyThemes SKU Label Changer For WooCommerce.This issue affects SKU Label Changer For WooCommerce: from n/a through 3.0...

WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin SKU Generator for WooCommerce versions = 1.6.2...

EUVD-2012-1649

Malware in sbrugna...

EUVD-2025-9069

Malicious code in bioql PyPI...

EUVD-2023-32775

Malicious code in bioql PyPI...

CVE-2025-30917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through = 1.6.2...

CVE-2025-30917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through = 1.6.2...

CVE-2025-30917

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through = 1.6.2...

CVE-2025-30917 WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham SKU Generator for WooCommerce sku-for-woocommerce allows Reflected XSS.This issue affects SKU Generator for WooCommerce: from n/a through = 1.6.2...

CVE-2025-30917

CVE-2025-30917 is a reflected XSS vulnerability in the SKU Generator for WooCommerce (WP Wham SKU Generator for WooCommerce). The issue arises from improper neutralization of input during web page generation, enabling a reflected cross-site scripting payload. Affected versions are from n/a up to ...

WordPress plugin SKU Generator for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

PT-2025-14069 · WordPress · Wp Wham Sku Generator For Woocommerce

Name of the Vulnerable Software and Affected Versions: WP Wham SKU Generator for WooCommerce versions 1.6.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables...

Support Statement - Microsoft's Retirement of Basic SKU Public IP Addresses

Challenge Due to Microsoft's deprecation of Basic SKU Public IP addresses, starting on March 31st, 2025, the following product features that utilize the Basic SKU Public IP address will be impacted: Veeam Backup & Replication The Archiver Appliance used by an Object Storage Repository for Microso...

WordPress SKU Generator for WooCommerce plugin <= 1.6.2 - Reflected Cross Site Scripting (XSS) Vulnerability

Reflected Cross Site Scripting XSS Vulnerability discovered by Peter Thaleikis in WordPress Plugin SKU Generator for WooCommerce versions = 1.6.2...

CVE-2024-9212

The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVE-2024-9212 SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting

The SKU Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web...