CVE-2024-35728
- EPSS 0.17%
- Published 10.06.2024 17:16:29
- Last modified 21.11.2024 09:20:45
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion. This issue affects PPOM for WooCommerce: from n/a through 32.0.20.
CVE-2024-3962
- EPSS 10.5%
- Published 26.04.2024 09:15:12
- Last modified 07.02.2025 02:07:02
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for un...
CVE-2023-2256
- EPSS 9.46%
- Published 30.05.2023 08:15:10
- Last modified 10.01.2025 18:15:18
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.
CVE-2023-1839
- EPSS 0.11%
- Published 15.05.2023 13:15:10
- Last modified 24.01.2025 22:15:32
The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...