Product Input Fields For Woocommerce Security Vulnerabilities and Issues — Product Input Fields For Woocommerce CVE List

Lucene search

TychesoftwaresProduct Input Fields For Woocommerce

3 matches found

CVE•added 2023/06/07 2:15 a.m.•56 views

CVE-2020-36696

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerabl...

7.5CVSS7.3AI score0.00353EPSS

CVE•added 2024/11/26 7:15 a.m.•40 views

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributo...

6.5CVSS6.2AI score0.00877EPSS

CVE•added 2025/03/08 10:15 a.m.•38 views

CVE-2024-13359

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated at...

9.8CVSS8.9AI score0.00395EPSS