Vulnerabilities > Wpfactory > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-20 CVE-2024-44061 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-10 CVE-2024-9205 Cross-site Scripting vulnerability in Wpfactory Maximum products PER User for Woocommerce
The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-10 CVE-2024-9377 Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce
The Products, Order & Customers Export for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.15.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-10-04 CVE-2024-9384 Cross-site Scripting vulnerability in Wpfactory Quantity Dynamic Pricing & Bulk Discounts for Woocommerce
The Quantity Dynamic Pricing & Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.8.0.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-09-28 CVE-2024-8788 Cross-site Scripting vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.12.11.
network
low complexity
wpfactory CWE-79
6.1
6.1
2024-09-28 CVE-2024-9189 Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce
The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12.
network
low complexity
wpfactory CWE-862
5.3
5.3
2024-09-13 CVE-2024-8656 Cross-site Scripting vulnerability in Wpfactory Helper
The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0.
network
low complexity
wpfactory CWE-79
6.1
6.1
2023-12-29 CVE-2023-51399 Cross-site Scripting vulnerability in Wpfactory Back Button Widget
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3.
network
low complexity
wpfactory CWE-79
5.4
5.4
2023-11-14 CVE-2023-47547 Cross-site Scripting vulnerability in Wpfactory Products, Order & Customers Export for Woocommerce
Unauth.
network
low complexity
wpfactory CWE-79
6.1
6.1
2023-10-20 CVE-2021-4418 Cross-Site Request Forgery (CSRF) vulnerability in Wpfactory Custom Css, JS & PHP 2.0.7
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7.
network
low complexity
wpfactory CWE-352
4.3
4.3