5 matches found
CVE-2025-13924 Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication
The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...
EUVD-2025-202267
The Advanced Product Fields Product Addons for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.17. This is due to missing or incorrect nonce validation on the 'maybeduplicate' function. This makes it possible for unauthenticat...
PT-2025-50109
Name of the Vulnerable Software and Affected Versions: Advanced Product Fields Product Addons for WooCommerce plugin for WordPress versions prior to 1.6.18 Description: The software is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or missing nonce validation within...
PT-2023-12537 · WordPress · Slider Hero
Name of the Vulnerable Software and Affected Versions: Slider Hero plugin for WordPress versions up to and including 8.2.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the qc slider hero duplicate function. This allows...
PT-2022-15298 · Gallery · Gallery
Name of the Vulnerable Software and Affected Versions: Gallery for Social Photo versions up to, and including 1.0.0.27 Description: The issue is related to Cross-Site Request Forgery due to the failure to properly check for the existence of a nonce in the gifeed duplicate feed function. This allo...