Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

182 matches found

RedhatCVE
RedhatCVEadded yesterday2 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS5.7AI score0.00037EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday4 views

CVE-2026-6725

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00042EPSS
Exploits0References1
Patchstack
Patchstackadded 5 days ago5 views

WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WPC Product Bundles for WooCommerce versions = 8.5.3...

5.8AI score
Exploits0Affected Software1
NVD
NVDadded 2026/05/13 8:16 a.m.5 views

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS0.00037EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/13 7:44 a.m.4 views

EUVD-2025-209823

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS6AI score0.00037EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/13 7:44 a.m.30 views

CVE-2025-14767 WPC Badge Management for WooCommerce <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS0.00037EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/13 12:0 a.m.5 views

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

5.5CVSS6AI score0.00037EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/28 4:28 a.m.2 views

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.5AI score0.00042EPSS
Exploits0References5
CVE
CVEadded 2026/04/28 4:28 a.m.6 views

CVE-2026-6725

CVE-2026-6725 affects the WordPress plugin WPC Smart Messages for WooCommerce (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpcsm_text_rotator shortcode attribute text in all versions up to and including 4.2.8 , caused by insufficient input sanitization and ...

6.4CVSS5.5AI score0.00042EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.4 views

WordPress plugin WPC Smart Messages for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.8AI score0.00042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/03/13 11:42 a.m.0 views

CVE-2026-32407

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...

5.8AI score0.00039EPSS
Exploits0References2
CVE
CVEadded 2026/03/13 11:42 a.m.7 views

CVE-2026-32407

Technical details (affected product, vulnerable component, impact, or remediation) are not publicly provided in the supplied documents; monitor for updates.

4.3CVSS5.8AI score0.00039EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/13 11:42 a.m.4 views

CVE-2026-32406 WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...

5.8AI score0.00037EPSS
Exploits0References1
CVE
CVEadded 2026/03/13 11:42 a.m.3 views

CVE-2026-32406

CVE-2026-32406 describes a Missing Authorization vulnerability in the WordPress plugin WPC Product Bundles for WooCommerce (WooCommerce extension by WPClever), affecting versions &lt;= 8.4.5. Root cause: Broken/Missing Access Control due to incorrectly configured access control security levels. T...

4.3CVSS5.8AI score0.00037EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/13 12:0 a.m.5 views

PT-2026-25252

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...

4.3CVSS5.8AI score0.00037EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/01/09 10:45 a.m.7 views

CVE-2022-0397

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...

5.4CVSS6.4AI score0.00285EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2026/01/07 9:15 a.m.4 views

CVE-2024-2838

The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woococomponents0name' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the...

6.4CVSS5.8AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/11/07 5:33 p.m.2 views

CVE-2025-60248

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 3.1.3...

7.5CVSS5.3AI score0.00123EPSS
Exploits0References1
EUVD
EUVDadded 2025/11/06 6:32 p.m.1 views

EUVD-2025-38100

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 1.8.6...

6.6AI score0.00123EPSS
Exploits0References2
NVD
NVDadded 2025/11/06 4:16 p.m.6 views

CVE-2025-60248

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from n/a through = 3.1.3...

7.5CVSS0.00123EPSS
Exploits0References1
Rows per page
Query Builder