Marcoingraiti

Actionwear Products Sync

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2025-49350

  • EPSS 0.04%
  • Veröffentlicht 09.12.2025 14:52:18
  • Zuletzt bearbeitet 20.01.2026 15:16:33

Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through <= 2.3.3.

8.5

CVE-2025-31619

  • EPSS 0.18%
  • Veröffentlicht 01.04.2025 21:15:51
  • Zuletzt bearbeitet 02.04.2025 14:58:07

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in marcoingraiti Actionwear products sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through 2.3.3.

5.3

CVE-2024-13535

  • EPSS 1.13%
  • Veröffentlicht 18.02.2025 05:15:12
  • Zuletzt bearbeitet 24.02.2025 14:45:46

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. This is due the composer-setup.php file being publicly accessible with 'display_errors' set to true. This makes it po...