Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fields vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-2256
The Product Addons & Fields for WooCommerce WordPress plugin prior to 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.
Themeisle Product Addons \\& Fields For Woocommerce
NA
CVE-2023-1839
The Product Addons & Fields for WooCommerce WordPress plugin prior to 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability i...
Themeisle Product Addons \\& Fields For Woocommerce
383
VMScore
CVE-2017-9419
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote malicious users to inject arbitrary JavaScript via the cs-all-0 parameter.
Webhammer Wp-custom-fields-search 0.3.28
NA
CVE-2020-36696
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated malicious users to download...
Tychesoftwares Product Input Fields For Woocommerce
NA
CVE-2020-36731
The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettin...
Wpdesk Flexible Checkout Fields For Woocommerce
NA
CVE-2023-22676
Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a up to and including 1.4.12.
Andersthorborg Advanced Custom Fields\\ Image Crop Add-on
578
VMScore
CVE-2021-24865
The Advanced Custom Fields: Extended WordPress plugin prior to 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue
Acf-extended Advanced Custom Fields\\ Extended
NA
CVE-2022-4442
The Custom Post Types and Custom Fields creator WordPress plugin prior to 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal...
Cozmoslabs Custom Post Types And Custom Fields Creator
NA
CVE-2022-4831
The Custom User Profile Fields for User Registration WordPress plugin prior to 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scrip...
Paidmembershipspro Custom User Profile Fields For User Registration
NA
CVE-2022-4888
The Checkout Fields Manager WordPress plugin prior to 1.0.2, Abandoned Cart Recovery WordPress plugin prior to 1.2.5, Custom Fields for WooCommerce WordPress plugin prior to 1.0.4, Custom Order Number WordPress plugin up to and including 1.0.1, Custom Registration Forms Builder W...
Addify Order Tracking For Woocommerce
Addify Order Approval For Woocommerce
Addify Image Watermark For Woocommerce
Addify Gift Registry For Woocommerce
Addify Advanced Free Gifts
Addify Custom Registration Forms Builder
Addify Custom Order Number
Addify Custom Fields For Woocommerce
Addify Abandoned Cart Recovery
Addify Checkout Fields Manager
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »