Filtered by vendor Wpfactory
Subscriptions
Filtered by product Ean For Woocommerce
Subscriptions
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-48249 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-05-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce allows Stored XSS. This issue affects EAN for WooCommerce: from n/a through 5.4.6. | ||||
| CVE-2025-22673 | 2 Wordpress, Wpfactory | 2 Wordpress, Ean For Woocommerce | 2025-03-27 | 4.3 Medium |
| Missing Authorization vulnerability in WPFactory EAN for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through 5.3.5. | ||||
| CVE-2023-0062 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-03-25 | 5.4 Medium |
| The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-12 | 7.2 High |
| Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | ||||
| CVE-2023-6897 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-11 | 4.3 Medium |
| The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata. | ||||
| CVE-2023-6892 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-11 | 6.4 Medium |
| The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
Page 1 of 1.