The FULL – Cliente plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in al
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.3.7 due to insu
The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including,
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg with
The CURCY - WooCommerce Multi Currency - Currency Switcher plugin for WordPress is vulnerable to SQL Injection via the 'wc_filter_price_meta[where]' parameter in all versions up to, and including, 2.3
The MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9
The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and
The Dynamic AJAX Product Filters for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 1.3.7 due to insuffici
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and
The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sa
The 2D Tag Cloud plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 6.0.
Improper Control of Generation of Code ('Code Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Code Injection.This issue affects
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind S
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and includin
The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitiza
The WP – Bulk SMS – by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanit
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Sitewide Discount for WooCommerce: Apply Discount to All Products global-shop-discount-f
The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg() function without appropriate escaping on the URL in all versions