Themeisle Ppom Product Addons Custom Fields For Woocommerce vulnerabilities
4 known vulnerabilities affecting themeisle/ppom_product_addons_custom_fields_for_woocommerce.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2025-11391 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | ≤ 33.0.15 | 2025-10-18
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whi
nvd
CVE-2024-3962 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | ≤ 32.0.18 | 2024-04-26
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote
nvd
CVE-2025-11691 | P3 | HIGH | CVSS 7.5 | CWE-89 | ≤ 33.0.15 | 2025-10-18
The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for una
nvd
CVE-2024-1047 | P4 | MEDIUM | CVSS 5.3 | CWE-862 | ≤ 32.0.9 | 2024-02-02
Multiple plugins and/or themes for WordPress with the ThemeIsle SDK are vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in various versions. This makes it possible for unauthenticated attackers to update options values that allow ThemeIsle to track promotional activities via utm_so
nvd