Vulnerabilities > Pluginus

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10168 Cross-site Scripting vulnerability in Pluginus Woot
The Active Products Tables for WooCommerce.
network
low complexity
pluginus CWE-79
5.4
2024-10-28 CVE-2024-50450 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
Improper Control of Generation of Code ('Code Injection') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Injection.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4.
network
low complexity
pluginus CWE-94
critical
9.8
2024-09-24 CVE-2024-8623 Code Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3.
network
low complexity
pluginus CWE-94
7.3
2024-09-24 CVE-2024-8624 SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter
The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1.3.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
network
low complexity
pluginus CWE-89
critical
9.9
2024-09-14 CVE-2024-8271 Code Injection vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce
The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1.
network
low complexity
pluginus CWE-94
7.3
2024-06-08 CVE-2024-35730 Cross-site Scripting vulnerability in Pluginus Woot
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.
network
low complexity
pluginus CWE-79
6.1
2024-02-10 CVE-2023-51480 Cross-site Scripting vulnerability in Pluginus Woot
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce.
network
low complexity
pluginus CWE-79
5.4
2024-02-08 CVE-2024-24834 Cross-site Scripting vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.
network
low complexity
pluginus CWE-79
4.8
2024-02-05 CVE-2024-0790 Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and products Manager Professional
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1.
network
low complexity
pluginus CWE-352
4.3
2024-02-05 CVE-2024-0791 Missing Authorization vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and products Manager Professional
The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1.
network
low complexity
pluginus CWE-862
4.3