Prodigycommerce Prodigy Commerce vulnerabilities
3 known vulnerabilities affecting prodigycommerce/prodigy_commerce.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2026-0926P2CRITICALCVSS 9.8PoC≤ 3.3.02026-02-19
CVE-2026-0926 [CRITICAL] CWE-98 CVE-2026-0926: The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up t
The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute arbitrary files on the server, allowing the execution of any PHP code in those fi
nvd
CVE-2024-54251P3MEDIUMCVSS 6.5≤ 3.1.22024-12-09
CVE-2024-54251 [MEDIUM] CWE-862 CVE-2024-54251: Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Expl
Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.
nvd
CVE-2024-54250P4MEDIUMCVSS 6.5≤ 3.0.82024-12-13
CVE-2024-54250 [MEDIUM] CWE-79 CVE-2024-54250: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through <= 3.0.8.
nvd