85 matches found
CVE-2026-6725
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6725
CVE-2026-6725 affects the WordPress plugin WPC Smart Messages for WooCommerce (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpcsm_text_rotator shortcode attribute text in all versions up to and including 4.2.8 , caused by insufficient input sanitization and ...
WordPress plugin WPC Smart Messages for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-32407
Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...
CVE-2026-32407
Technical details (affected product, vulnerable component, impact, or remediation) are not publicly provided in the supplied documents; monitor for updates.
CVE-2022-0397
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2025-62903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.8...
EUVD-2025-36036
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.4...
CVE-2025-62903
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.8...
CVE-2025-62903 WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.8...
CVE-2025-62903
The CVE-2025-62903 entry concerns the WordPress plugin WPC Smart Messages for WooCommerce by WPClever. Affected component: web input handling in the plugin’s messages rendering leads to Stored Cross-Site Scripting (XSS). Affected versions:
CVE-2025-62903 WordPress WPC Smart Messages for WooCommerce plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.8...
WordPress plugin WPC Smart Messages for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-43781
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through = 4.2.4...
CVE-2025-11742 WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure
The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2025-11742
CVE-2025-11742 describes an information exposure in the WordPress plugin WPC Smart Wishlist for WooCommerce (WordPress). The root cause is a missing capability check on the AJAX action wishlist_quickview , affecting all versions up to and including 5.0.4. This allows authenticated users with Subs...
WordPress WPC Smart Quick View for WooCommerce plugin <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability
Insecure Direct Object Reference to Unauthenticated Private Product Exposure vulnerability discovered by Lucas Montes Nirox in WordPress Plugin WPC Smart Quick View for WooCommerce versions = 4.2.5...
WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure vulnerability
Missing Authorization to Authenticated Subscriber+ Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin WPC Smart Wishlist for WooCommerce versions = 5.0.4...
WordPress plugin WPC Smart Quick View for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...