Vulnerabilities (CVE)

Filtered by vendor Pluginus Subscribe
Total 50 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25085 1 Pluginus 1 Woocommerce Products Filter 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2021-25043 1 Pluginus 1 Woocommerce Currency Switcher 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue
CVE-2021-24566 1 Pluginus 1 Fox - Currency Switcher Professional For Woocommerce 2024-11-21 N/A 8.8 HIGH
The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode.
CVE-2021-20781 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2024-50451 1 Pluginus 1 Meta Data And Taxonomies Filter 2024-11-13 N/A 5.4 MEDIUM
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
CVE-2024-10168 1 Pluginus 1 Woot 2024-11-08 N/A 5.4 MEDIUM
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-50450 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2024-10-29 N/A 9.8 CRITICAL
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
CVE-2024-8271 1 Pluginus 1 Fox - Currency Switcher Professional For Woocommerce 2024-09-27 N/A 7.3 HIGH
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode in the 'woocs_get_custom_price_html' function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2024-8623 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2024-09-26 N/A 7.3 HIGH
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2024-8624 1 Pluginus 1 Wordpress Meta Data And Taxonomies Filter 2024-09-26 N/A 9.9 CRITICAL
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.