188 matches found
CVE-2025-8618
CVE-2025-8618 affects WPC Smart Quick View for WooCommerce (WordPress). Vulnerability: Stored Cross-Site Scripting via the woosq_btn shortcode caused by insufficient input sanitization and output escaping in versions up to 4.2.1. Impact: authenticated attackers with contributor-level access and h...
WordPress plugin WPC Smart Quick View for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-7496
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...
WordPress plugin WPC Smart Compare for WooCommerce 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-5530
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5530
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5530
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2025-5530
CVE-2025-5530 references the WPC Smart Compare for WooCommerce WordPress plugin. A stored XSS vulnerability exists in the shortcode_btn shortcode across all versions up to and including 6.4.6 due to insufficient input sanitization and output escaping. Exploitation requires attacker with contribut...
CVE-2025-5530 WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcodebtn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
PT-2025-29212 · WordPress +1 · Wpc Smart Compare For Woocommerce +1
Name of the Vulnerable Software and Affected Versions: WPC Smart Compare for WooCommerce versions up to and including 6.4.6 Description: The WPC Smart Compare for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s shortcode btn shortcode...
WordPress WPC Smart Compare for WooCommerce plugin <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by muhammad yudha in WordPress Plugin WPC Smart Compare for WooCommerce versions = 6.4.6...
CVE-2024-32687
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3...
CVE-2024-12004
The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajaxupdateordernote function. This makes it possible for unauthenticated attackers to injec...
CVE-2023-52127
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1...
CVE-2023-34386
Cross-Site Request Forgery CSRF vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin = 4.7.1 versions...
CVE-2023-6494
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2022-1465
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue...
SAP KMC WPC Information Disclosure Vulnerability
SAP KMC WPC is a combination of enterprise content management and web publishing components from SAP. An information disclosure vulnerability exists in SAP KMC WPC, which can be exploited by an attacker to retrieve a user name via a simple parameter query, resulting in the disclosure of sensitive...
CVE-2025-3418
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...