Vulnerabilities > Wpfactory

DATE CVE VULNERABILITY TITLE RISK
2025-02-15 CVE-2024-13525 Unspecified vulnerability in Wpfactory Customer Email Verification for Woocommerce
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4 via Shortcode.
network
low complexity
wpfactory
6.5
2025-02-12 CVE-2024-13528 Unspecified vulnerability in Wpfactory Customer Email Verification for Woocommerce
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.9.5.
network
high complexity
wpfactory
7.5
2024-10-20 CVE-2024-44061 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.
network
low complexity
wpfactory CWE-79
6.1
2024-10-10 CVE-2024-9205 Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8.
network
low complexity
wpfactory CWE-79
6.1
2024-10-10 CVE-2024-9377 Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15.
network
low complexity
wpfactory CWE-79
6.1
2024-10-04 CVE-2024-9384 Cross-site Scripting vulnerability in Wpfactory Quantity Dynamic Pricing & Bulk Discounts for Woocommerce
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0.
network
low complexity
wpfactory CWE-79
6.1
2024-09-28 CVE-2024-8788 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.
network
low complexity
wpfactory CWE-79
6.1
2024-09-28 CVE-2024-9189 Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12.
network
low complexity
wpfactory CWE-862
5.3
2024-09-13 CVE-2024-8656 Cross-site Scripting vulnerability in Wpfactory Helper
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0.
network
low complexity
wpfactory CWE-79
6.1
2024-06-09 CVE-2024-31276 Unspecified vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce
Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8.
network
low complexity
wpfactory
critical
9.8