WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.14.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Autoship Cloud for WooCommerce Subscription Products versions = 2.14.3...

WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Autoship Cloud for WooCommerce Subscription Products versions = 2.8.0...

CVE-2025-26878

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS.This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through...

CVE-2025-26878 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in patternsinthecloud Autoship Cloud for WooCommerce Subscription Products autoship-cloud allows DOM-Based XSS.This issue affects Autoship Cloud for WooCommerce Subscription Products: from n/a through...

WordPress plugin Autoship Cloud for WooCommerce Subscription Products 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPre...

CVE-2024-13461

The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on...

CVE-2024-13461 Autoship Cloud for WooCommerce Subscription Products <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Autoship Cloud for WooCommerce Subscription Products plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'autoship-create-scheduled-order-action' shortcode in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping on...

WordPress YITH WooCommerce Subscription plugin <=1.3.5 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Subscription plugin versions =1.3.5. Solution Update the WordPress YITH WooCommerce Subscription plugin to the latest available version at least 1.3.6...