← Back

Berocket

berocket

5 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Advanced Ajax Product Filters
advanced_ajax_product_filters
2 CVEs
Advanced Product Labels For Woocommerce
advanced_product_labels_for_woocommerce
1 CVE
Stockists Manager For Woocommerce
stockists_manager_for_woocommerce
1 CVE
Brands For Woocommerce
brands_for_woocommerce
1 CVE

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-1505
1Berocket
1Advanced Ajax Product Filters
Jun 17, 2026
Feb 28, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and ou...Show more
The Advanced AJAX Product Filters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.6.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.Show less
CVE-2021-24432
1Berocket
1Advanced Ajax Product Filters
Jun 17, 2026
Jan 16, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Advanced AJAX Product Filters WordPress plugin does not sanitise the 'term_id' POST parameter before outputting it in the page, leading to reflected Cross-Site Scripting issue.
CVE-2023-23667
1Berocket
1Brands For Woocommerce
Jun 17, 2026
May 18, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions.
CVE-2022-2518
1Berocket
1Stockists Manager For Woocommerce
Jun 17, 2026
Sep 6, 2022
N/A· v4
6.1 MEDIUM· v3
N/A· v2
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() fu...Show more
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockist_settings_main() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2022-0399
1Berocket
1Advanced Product Labels For Woocommerce
Jun 17, 2026
Mar 14, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's respons...Show more
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site ScriptingShow less