Vulnerabilities > Berocket

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2021-24432 Cross-site Scripting vulnerability in Berocket Advanced Ajax Product Filters
The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.
network
low complexity
berocket CWE-79
6.1
2023-05-18 CVE-2023-23667 Cross-site Scripting vulnerability in Berocket Brands for Woocommerce
Auth.
network
low complexity
berocket CWE-79
5.4
2022-09-06 CVE-2022-2518 Cross-Site Request Forgery (CSRF) vulnerability in Berocket Stockists Manager for Woocommerce 1.0.2.1
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1.
network
low complexity
berocket CWE-352
6.1
2022-03-14 CVE-2022-0399 Cross-site Scripting vulnerability in Berocket Advanced Product Labels for Woocommerce
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting
network
berocket CWE-79
4.3