Vulnerabilities > Pluginus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-06 | CVE-2022-4489 | Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 |
| 2023-01-16 | CVE-2022-4431 | Unspecified vulnerability in Pluginus FOX - Currency Switcher Professional for Woocommerce The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 |
| 2022-12-19 | CVE-2022-4063 | Path Traversal vulnerability in Pluginus Inpost Gallery 2.1.4.1 The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP's extract() function when rendering HTML views, allowing attackers to force the inclusion of malicious files & URLs, which may enable them to run code on servers. | 9.8 |
| 2022-06-27 | CVE-2022-1916 | Cross-site Scripting vulnerability in Pluginus Woot The Active Products Tables for WooCommerce. | 6.1 |
| 2022-02-21 | CVE-2022-0234 | Cross-site Scripting vulnerability in Pluginus Woocs The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 4.3 |
| 2022-02-01 | CVE-2021-25085 | Cross-site Scripting vulnerability in Pluginus Woocommerce products Filter The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |
| 2022-01-10 | CVE-2021-25043 | Cross-site Scripting vulnerability in Pluginus Woocommerce Currency Switcher The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 4.3 |
| 2021-07-14 | CVE-2021-20781 | Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |