CVE-2026-32526

CVE-2026-32526 affects the WordPress plugin VillaTheme Abandoned Cart Recovery for WooCommerce (woo-abandoned-cart-recovery), version range: = 1.1.11) or apply vendor-provided fixes where available. Documentation in connected sources consistently identifies this as a Stored XSS affecting the plug...

CVE-2026-28132

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...

PT-2025-4712 · Villatheme · Villatheme Advanced Product Information For Woocommerce

Name of the Vulnerable Software and Affected Versions: VillaTheme Advanced Product Information for WooCommerce versions 1.1.4 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting XSS. This means...

CVE-2022-46812

Cross-Site Request Forgery CSRF vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin = 1.0.13 versions...