← Back

Villatheme

villatheme

18 CVEs • 14 products

Products (14)

Click to collapse
Toggle
Woocommerce Thank You Page Customizer
woocommerce_thank_you_page_customizer
4 CVEs
Orders Tracking For Woocommerce
orders_tracking_for_woocommerce
2 CVEs
Exmage
exmage
1 CVE
Dropshipping And Fulfillment For Aliexpress And Woocommerce
dropshipping_and_fulfillment_for_aliexpress_and_woocommerce
1 CVE
S2w Import Shopify To Woocommerce
s2w_-_import_shopify_to_woocommerce
1 CVE
Cart All In One For Woocommerce
cart_all_in_one_for_woocommerce
1 CVE
Woocommerce Multi Currency
woocommerce_multi_currency
1 CVE
Abandoned Cart Recovery For Woocommerce
abandoned_cart_recovery_for_woocommerce
1 CVE
Wpbulky
wpbulky
1 CVE
Product Size Chart For Woocommerce
product_size_chart_for_woocommerce
1 CVE
Curcy
curcy
1 CVE
Woocommerce Photo Reviews
woocommerce_photo_reviews
1 CVE
Woocommerce Email Template Customizer
woocommerce_email_template_customizer
1 CVE
W2s
w2s
1 CVE

CVEs (18)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-12861
1Villatheme
1W2s
Jan 31, 2025
Jan 30, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticate...Show more
The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.Show less
CVE-2024-49288
1Villatheme
1Woocommerce Email Template Customizer
Apr 23, 2026
Oct 17, 2024
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue af...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.9.1.Show less
CVE-2024-8277
1Villatheme
1Woocommerce Photo Reviews
Sep 26, 2024
Sep 11, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is b...Show more
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.Show less
CVE-2024-1687
1Villatheme
1Woocommerce Thank You Page Customizer
Apr 8, 2026
Feb 27, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function i...Show more
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.Show less
CVE-2024-1686
1Villatheme
1Woocommerce Thank You Page Customizer
Apr 8, 2026
Feb 27, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing...Show more
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.Show less
CVE-2023-50831
1Villatheme
1Curcy
Apr 28, 2026
Dec 21, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooC...Show more
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.Show less
CVE-2023-48778
1Villatheme
1Product Size Chart For Woocommerce
Apr 28, 2026
Dec 18, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
CVE-2023-4216
1Villatheme
1Orders Tracking For Woocommerce
Apr 23, 2025
Sep 4, 2023
N/A· v4
2.7 LOW· v3
N/A· v2
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file...Show more
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.Show less
CVE-2023-30482
1Villatheme
1Wpbulky
Nov 21, 2024
Aug 8, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions.
CVE-2021-4395
1Villatheme
1Abandoned Cart Recovery For Woocommerce
Apr 8, 2026
Jul 1, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items(...Show more
The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2021-4379
1Villatheme
1Woocommerce Multi Currency
Apr 8, 2026
Jun 7, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it pos...Show more
The WooCommerce Multi Currency plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wmc_bulk_fixed_price function in versions up to, and including, 2.1.17. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to make changes to product prices.Show less
CVE-2022-46810
1Villatheme
1Woocommerce Thank You Page Customizer
Jan 15, 2025
May 25, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
CVE-2022-46812
1Villatheme
1Woocommerce Thank You Page Customizer
Jan 15, 2025
May 25, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.
CVE-2022-46806
1Villatheme
1Cart All In One For Woocommerce
Nov 21, 2024
Mar 1, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All In One For WooCommerce plugin <= 1.1.10 leading to cart modification.
CVE-2022-44634
1Villatheme
1S2w Import Shopify To Woocommerce
Feb 20, 2025
Nov 18, 2022
N/A· v4
4.9 MEDIUM· v3
N/A· v2
Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress.
CVE-2022-41623
1Villatheme
1Dropshipping And Fulfillment For Aliexpress And Woocommerce
Nov 21, 2024
Oct 14, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
CVE-2022-1037
1Villatheme
1Exmage
Nov 21, 2024
Apr 18, 2022
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs
CVE-2021-25062
1Villatheme
1Orders Tracking For Woocommerce
Nov 21, 2024
Jan 24, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting