Vulnerabilities > Wpfactory
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-20 | CVE-2024-44061 | Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce : Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. | 6.1 |
2024-10-10 | CVE-2024-9205 | Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. | 6.1 |
2024-10-10 | CVE-2024-9377 | Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15. | 6.1 |
2024-10-04 | CVE-2024-9384 | Cross-site Scripting vulnerability in Wpfactory Quantity Dynamic Pricing & Bulk Discounts for Woocommerce The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0. | 6.1 |
2024-09-28 | CVE-2024-8788 | Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11. | 6.1 |
2024-09-28 | CVE-2024-9189 | Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. | 5.3 |
2024-09-13 | CVE-2024-8656 | Cross-site Scripting vulnerability in Wpfactory Helper The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. | 6.1 |
2024-06-09 | CVE-2024-31276 | Missing Authorization vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce Missing Authorization vulnerability in WPFactory Products, Order & Customers Export for WooCommerce.This issue affects Products, Order & Customers Export for WooCommerce: from n/a through 2.0.8. | 9.8 |
2023-12-29 | CVE-2023-51399 | Cross-site Scripting vulnerability in Wpfactory Back Button Widget Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3. | 5.4 |
2023-11-14 | CVE-2023-47547 | Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce Unauth. | 6.1 |