Vulnerabilities > Pluginus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-18 | CVE-2025-0864 | Cross-site Scripting vulnerability in Pluginus Active products Tables for Woocommerce The Active Products Tables for WooCommerce. | 6.1 |
| 2025-02-17 | CVE-2025-26775 | Cross-site Scripting vulnerability in Pluginus Bear - Woocommerce Bulk Editor and products Manager Professional Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 BEAR allows Stored XSS. | 4.8 |
| 2025-01-23 | CVE-2024-13340 | Cross-site Scripting vulnerability in Pluginus Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mdf_results_by_ajax' shortcode in all versions up to, and including, 1.3.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2025-01-08 | CVE-2024-12030 | SQL Injection vulnerability in Pluginus Wordpress Meta Data and Taxonomies Filter The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
| 2024-11-19 | CVE-2024-11400 | Cross-site Scripting vulnerability in Pluginus Woocommerce products Filter The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-06 | CVE-2024-10168 | Cross-site Scripting vulnerability in Pluginus Woot The Active Products Tables for WooCommerce. | 5.4 |
| 2024-10-28 | CVE-2024-50451 | Cross-site Scripting vulnerability in Pluginus Meta Data and Taxonomies Filter Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Stored XSS.This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.4. | 5.4 |
| 2024-09-25 | CVE-2024-7491 | Unspecified vulnerability in Pluginus Husky - products Filter Professional for Woocommerce The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.6.1 via the woof_messenger_remove_subscr AJAX action due to missing validation on the 'key' user controlled key. | 4.3 |
| 2024-06-08 | CVE-2024-35730 | Unspecified vulnerability in Pluginus Woot Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3. | 6.1 |
| 2024-05-08 | CVE-2024-34558 | Unspecified vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and products Manager Professional Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through 1.0.8.2. | 4.8 |