← Back

Ean For Woocommerce

ean_for_woocommerce

Vendor: Wpfactory • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-34370
1Wpfactory
1Ean For Woocommerce
Feb 12, 2025
May 17, 2024
N/A· v4
7.2 HIGH· v3
N/A· v2
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
CVE-2023-6897
1Wpfactory
1Ean For Woocommerce
Apr 8, 2026
Apr 18, 2024
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a us...Show more
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata.Show less
CVE-2023-6892
1Wpfactory
1Ean For Woocommerce
Apr 8, 2026
Apr 18, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitiz...Show more
The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2023-0062
1Wpfactory
1Ean For Woocommerce
Mar 25, 2025
Feb 6, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with th...Show more
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less