← Back

Wpfactory

wpfactory

26 CVEs • 15 products

Products (15)

Click to collapse
Toggle
Ean For Woocommerce
ean_for_woocommerce
4 CVEs
Products, Order & Customers Export For Woocommerce
products,_order_&_customers_export_for_woocommerce
3 CVEs
Eu/uk Vat Manager For Woocommerce
eu/uk_vat_manager_for_woocommerce
3 CVEs
Wpfactory Helper
wpfactory_helper
2 CVEs
Back Button Widget
back_button_widget
2 CVEs
Wishlist For Woocommerce
wishlist_for_woocommerce
2 CVEs
Customer Email Verification For Woocommerce
customer_email_verification_for_woocommerce
2 CVEs
Download Plugins And Themes From Dashboard
download_plugins_and_themes_from_dashboard
1 CVE
File Renaming On Upload
file_renaming_on_upload
1 CVE
Custom Css, Js & Php
custom_css,_js_&_php
1 CVE
Cost Of Goods For Woocommerce
cost_of_goods_for_woocommerce
1 CVE
Quantity Dynamic Pricing & Bulk Discounts For Woocommerce
quantity_dynamic_pricing_&_bulk_discounts_for_woocommerce
1 CVE
Maximum Products Per User For Woocommerce
maximum_products_per_user_for_woocommerce
1 CVE
Free Shipping Bar
free_shipping_bar
1 CVE
Change Add To Cart Button Text For Woocommerce
change_add_to_cart_button_text_for_woocommerce
1 CVE

CVEs (26)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-47547
1Wpfactory
1Products, Order & Customers Export For Woocommerce
Nov 21, 2024
Nov 14, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions.
CVE-2021-4418
1Wpfactory
1Custom Css, Js & Php
Apr 8, 2026
Oct 20, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes i...Show more
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.Show less
CVE-2023-36689
1Wpfactory
1Wpfactory Helper
Nov 21, 2024
Aug 5, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.
CVE-2023-2684
1Wpfactory
1File Renaming On Upload
Dec 11, 2024
Jun 19, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when t...Show more
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2023-0062
1Wpfactory
1Ean For Woocommerce
Mar 25, 2025
Feb 6, 2023
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with th...Show more
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2019-17239
1Wpfactory
1Download Plugins And Themes From Dashboard
Nov 21, 2024
Oct 7, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.