3 matches found
WordPress Woocommerce Custom Product Addons Pro plugin <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability
Unauthenticated Remote Code Execution via Custom Pricing Formula vulnerability discovered by Ren Voza in WordPress Plugin Woocommerce Custom Product Addons Pro versions = 5.4.1...
CVE-2026-4001
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...
CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula
The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval in the processcustomformula function within includes/process/price.php. This is due to insufficient sanitization an...