Wpfactory CVEs and Security Vulnerabilities

Filtered by vendor Wpfactory Subscriptions

Search

Switch to Advanced Search (Beta)

Total 42 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62096	2 Wordpress, Wpfactory	2 Wordpress, Maximum Products Per User For Woocommerce	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS.This issue affects Maximum Products per User for WooCommerce: from n/a through <= 4.4.3.
CVE-2025-58985	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Additional Custom Product Tabs For Woocommerce	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce product-tabs-for-woocommerce allows Stored XSS.This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through <= 1.7.3.
CVE-2025-57972	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Helpdesk Support Ticket System	2026-04-01	N/A
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-49887	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Product Xml Feed Manager For Woocommerce	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3.
CVE-2025-49319	2 Wordpress, Wpfactory	2 Wordpress, Wishlist For Woocommerce	2026-04-01	N/A
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.3.
CVE-2025-48254	1 Wpfactory	1 Change Add To Cart Button Text For Woocommerce	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Change Add to Cart Button Text for WooCommerce add-to-cart-button-labels-for-woocommerce allows Stored XSS.This issue affects Change Add to Cart Button Text for WooCommerce: from n/a through <= 2.2.2.
CVE-2025-48253	1 Wpfactory	1 Free Shipping Bar	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through <= 2.4.6.
CVE-2025-48252	1 Wpfactory	1 Back Button Widget	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget back-button-widget allows Stored XSS.This issue affects Back Button Widget: from n/a through <= 1.6.8.
CVE-2025-48249	1 Wpfactory	1 Ean For Woocommerce	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Stored XSS.This issue affects EAN for WooCommerce: from n/a through <= 5.4.6.
CVE-2025-48237	1 Wpfactory	1 Wishlist For Woocommerce	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.2.
CVE-2025-39601	1 Wpfactory	1 Custom Css, Js & Php	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through <= 2.4.1.
CVE-2025-22673	2 Wordpress, Wpfactory	2 Wordpress, Ean For Woocommerce	2026-04-01	N/A
Missing Authorization vulnerability in WPFactory EAN for WooCommerce ean-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EAN for WooCommerce: from n/a through <= 5.3.5.
CVE-2024-49305	1 Wpfactory	1 Customer Email Verification For Woocommerce	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Email Verification for WooCommerce emails-verification-for-woocommerce allows SQL Injection.This issue affects Email Verification for WooCommerce: from n/a through <= 2.8.10.
CVE-2024-44061	1 Wpfactory	1 Eu\/uk Vat Manager For Woocommerce	2026-04-01	6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory EU/UK VAT Manager for WooCommerce eu-vat-for-woocommerce.This issue affects EU/UK VAT Manager for WooCommerce: from n/a through <= 2.12.14.
CVE-2026-24992	2 Wordpress, Wpfactory	2 Wordpress, Advanced Woocommerce Product Sales Reporting	2026-04-01	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensitive Data.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.2.
CVE-2025-69334	2 Wordpress, Wpfactory	2 Wordpress, Wishlist For Woocommerce	2026-04-01	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS.This issue affects Wishlist for WooCommerce: from n/a through <= 3.3.0.
CVE-2025-68528	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Free Shipping Bar	2026-04-01	5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce amount-left-free-shipping-woocommerce allows Stored XSS.This issue affects Free Shipping Bar: Amount Left for Free Shipping for WooCommerce: from n/a through <= 2.4.9.
CVE-2026-23977	2 Wordpress, Wpfactory	2 Wordpress, Helpdesk Support Ticket System For Woocommerce	2026-03-27	7.5 High
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.2.
CVE-2026-24993	2 Wordpress, Wpfactory	2 Wordpress, Advanced Woocommerce Product Sales Reporting	2026-03-27	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Blind SQL Injection.This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1.3.
CVE-2025-14399	2 Wordpress, Wpfactory	2 Wordpress, Download Plugins And Themes From Dashboard	2025-12-18	4.3 Medium
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and download_theme_bulk functions. This makes it possible for unauthenticated attackers to archive all the sites plugins and themes and place them in the `wp-content/uploads/` directory via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Page 1 of 3. next last »