Yikesinc Custom Product Tabs For Woocommerce vulnerabilities
3 known vulnerabilities affecting yikesinc/custom_product_tabs_for_woocommerce.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-28666P2MEDIUMCVSS 5.3ExploitedPoC≤ 1.7.72022-07-21
CVE-2022-28666 [MEDIUM] CWE-287 CVE-2022-28666: Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.
Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.
nvd
CVE-2024-11465P3HIGHCVSS 7.2≤ 1.8.52025-01-07
CVE-2024-11465 [HIGH] CWE-502 CVE-2024-11465: The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection i
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object.
nvd
CVE-2022-43463P4MEDIUMCVSS 4.8fixed in 1.8.02022-11-18
CVE-2022-43463 [MEDIUM] CWE-79 CVE-2022-43463: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerc
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Custom Product Tabs for WooCommerce plugin <= 1.7.9 on WordPress.
nvd