CVE-2024-9111
- EPSS 0.08%
- Veröffentlicht 21.11.2024 11:15:36
- Zuletzt bearbeitet 21.11.2024 13:57:24
The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authentica...
CVE-2024-38726
- EPSS 0.15%
- Veröffentlicht 01.11.2024 15:15:32
- Zuletzt bearbeitet 01.11.2024 20:24:53
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.
CVE-2024-3608
- EPSS 0.35%
- Veröffentlicht 09.07.2024 09:15:05
- Zuletzt bearbeitet 21.11.2024 09:29:58
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for u...
CVE-2024-31277
- EPSS 0.53%
- Veröffentlicht 07.04.2024 18:15:10
- Zuletzt bearbeitet 21.11.2024 09:13:10
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.