Lucene search
K

188 matches found

cve
cve
added 2025/08/20 4:26 a.m.29 views

CVE-2025-8618

CVE-2025-8618 affects WPC Smart Quick View for WooCommerce (WordPress). Vulnerability: Stored Cross-Site Scripting via the woosq_btn shortcode caused by insufficient input sanitization and output escaping in versions up to 4.2.1. Impact: authenticated attackers with contributor-level access and h...

6.4CVSS5.9AI score0.00222EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/08/20 12:0 a.m.4 views

WordPress plugin WPC Smart Quick View for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6AI score0.00222EPSS
Exploits0References5
nvd
nvd
added 2025/08/19 4:15 a.m.7 views

CVE-2025-7496

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

6.4CVSS0.00194EPSS
Exploits0References2
cnnvd
cnnvd
added 2025/08/19 12:0 a.m.9 views

WordPress plugin WPC Smart Compare for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS6AI score0.00194EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/07/13 8:8 a.m.7 views

CVE-2025-5530

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.5AI score0.0021EPSS
Exploits0References1
nvd
nvd
added 2025/07/11 8:15 a.m.5 views

CVE-2025-5530

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0021EPSS
Exploits0References4
osv
osv
added 2025/07/11 8:15 a.m.12 views

CVE-2025-5530

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS6AI score0.0021EPSS
Exploits0References4
cvelist
cvelist
added 2025/07/11 7:23 a.m.12 views

CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.0021EPSS
Exploits0References4
cve
cve
added 2025/07/11 7:23 a.m.29 views

CVE-2025-5530

CVE-2025-5530 references the WPC Smart Compare for WooCommerce WordPress plugin. A stored XSS vulnerability exists in the shortcode_btn shortcode across all versions up to and including 6.4.6 due to insufficient input sanitization and output escaping. Exploitation requires attacker with contribut...

6.4CVSS5.5AI score0.0021EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2025/07/11 7:23 a.m.4 views

CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.0021EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2025/07/11 12:0 a.m.4 views

PT-2025-29212 · WordPress +1 · Wpc Smart Compare For Woocommerce +1

Name of the Vulnerable Software and Affected Versions: WPC Smart Compare for WooCommerce versions up to and including 6.4.6 Description: The WPC Smart Compare for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s shortcode btn shortcode...

6.4CVSS5.8AI score0.0021EPSS
Exploits0References9
patchstack
patchstack
added 2025/07/10 9:21 p.m.7 views

WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WPC Smart Compare for WooCommerce versions = 6.4.6...

6.4CVSS5.5AI score0.0021EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2025/05/23 10:18 a.m.7 views

CVE-2024-32687

Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3...

4.3CVSS5.1AI score0.00372EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:52 a.m.6 views

CVE-2024-12004

The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajaxupdateordernote function. This makes it possible for unauthenticated attackers to injec...

6.1CVSS6.4AI score0.002EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 6:7 a.m.6 views

CVE-2023-52127

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1...

8.8CVSS8.5AI score0.00227EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:22 a.m.9 views

CVE-2023-34386

Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...

8.8CVSS8.5AI score0.00315EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 2:6 a.m.4 views

CVE-2023-6494

The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS5.8AI score0.0033EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 11:31 p.m.5 views

CVE-2022-1465

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.2AI score0.00833EPSS
Exploits2References1
cnvd
cnvd
added 2025/04/18 12:0 a.m.7 views

SAP KMC WPC Information Disclosure Vulnerability

SAP KMC WPC is a combination of enterprise content management and web publishing components from SAP. An information disclosure vulnerability exists in SAP KMC WPC, which can be exploited by an attacker to retrieve a user name via a simple parameter query, resulting in the disclosure of sensitive...

5.3CVSS6.2AI score0.00305EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/04/14 6:40 a.m.25 views

CVE-2025-3418

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...

8.8CVSS7.2AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder