4 matches found
EUVD-2026-38211
The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2020-35627
Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image...
CVE-2020-35627
CVE-2020-35627 affects Ultimate WooCommerce Gift Cards 3.0.2. The issue is a file-upload vulnerability in the Custom GiftCard Template that enables remote code execution. By triggering the image-upload flow, an attacker can rename the image extension to PHP and execute PHP code on the server. Thi...