cbcvebase.

Pluginus Woot vulnerabilities

7 known vulnerabilities affecting pluginus/woot.

Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM6

Vulnerabilities

Page 1 of 1
CVE-2022-1916P2MEDIUMCVSS 6.1ExploitedPoCfixed in 1.0.52022-06-27
CVE-2022-1916 [MEDIUM] CWE-79 CVE-2022-1916: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordP The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected cross-Site Scripting
nvd
CVE-2023-51505P3CRITICALCVSS 9.8≤ 1.0.62023-12-29
CVE-2023-51505 [CRITICAL] CWE-502 CVE-2023-51505: Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1.0.6.
nvd
CVE-2024-35730P4MEDIUMCVSS 6.1fixed in 1.0.6.42024-06-08
CVE-2024-35730 [MEDIUM] CWE-79 CVE-2024-35730: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerab Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3.
nvd
CVE-2023-51480P4MEDIUMCVSS 5.4≤ 1.0.62024-02-10
CVE-2023-51480 [MEDIUM] CWE-79 CVE-2023-51480: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store allows Stored XSS.This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store : from n/a through 1
nvd
CVE-2024-10168P4MEDIUMCVSS 5.4fixed in 1.0.6.52024-11-06
CVE-2024-10168 [MEDIUM] CWE-79 CVE-2024-10168: The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woot_button shortcode in all versions up to, and including, 1.0.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authentic
nvd
CVE-2024-0797P4MEDIUMCVSS 4.3≤ 1.0.6.22024-02-05
CVE-2024-0797 [MEDIUM] CWE-862 CVE-2024-0797: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugi The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended f
nvd
CVE-2024-0796P4MEDIUMCVSS 4.3≤ 1.0.6.22024-02-05
CVE-2024-0796 [MEDIUM] CWE-352 CVE-2024-0796: The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugi The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticate
nvd
Pluginus Woot vulnerabilities | cvebase