Vulnerabilities > Villatheme > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-17 | CVE-2024-49288 | Cross-site Scripting vulnerability in Villatheme Woocommerce Email Template Customizer Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through 1.2.5. | 4.8 |
| 2023-12-21 | CVE-2023-50831 | Cross-site Scripting vulnerability in Villatheme Curcy Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0. | 5.4 |
| 2023-08-08 | CVE-2023-30482 | Cross-site Scripting vulnerability in Villatheme Wpbulky Auth. | 5.4 |
| 2023-07-01 | CVE-2021-4395 | Unspecified vulnerability in Villatheme Abandoned Cart Recovery for Woocommerce The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. | 6.5 |
| 2023-06-07 | CVE-2021-4379 | Unspecified vulnerability in Villatheme Woocommerce Multi Currency 2.1.17 The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. | 6.5 |
| 2023-03-01 | CVE-2022-46806 | Cross-Site Request Forgery (CSRF) vulnerability in Villatheme Cart ALL in ONE for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification. | 4.3 |
| 2022-11-18 | CVE-2022-44634 | Unspecified vulnerability in Villatheme S2W - Import Shopify to Woocommerce Auth. | 4.9 |
| 2022-04-18 | CVE-2022-1037 | Server-Side Request Forgery (SSRF) vulnerability in Villatheme Exmage The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs | 6.5 |
| 2022-01-24 | CVE-2021-25062 | Cross-site Scripting vulnerability in Villatheme Orders Tracking for Woocommerce The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 4.3 |