CVE-2024-13359
- EPSS 1.44%
- Veröffentlicht 08.03.2025 10:15:09
- Zuletzt bearbeitet 13.03.2025 15:15:40
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0....
CVE-2024-10857
- EPSS 1.81%
- Veröffentlicht 26.11.2024 07:15:05
- Zuletzt bearbeitet 09.07.2025 18:47:06
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it poss...
CVE-2024-31431
- EPSS 0.16%
- Veröffentlicht 15.04.2024 10:15:10
- Zuletzt bearbeitet 21.11.2024 09:13:31
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0.
CVE-2020-36696
- EPSS 0.35%
- Veröffentlicht 07.06.2023 02:15:10
- Zuletzt bearbeitet 21.11.2024 05:30:05
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticat...