Vulnerabilities (CVE)

Filtered by vendor Najeebmedia Subscribe
Filtered by product Ppom For Woocommerce
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25018 1 Najeebmedia 1 Ppom For Woocommerce 2024-11-21 3.5 LOW 5.4 MEDIUM
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues
CVE-2019-14948 1 Najeebmedia 1 Ppom For Woocommerce 2024-11-21 3.5 LOW 5.4 MEDIUM
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.