Themeisle Product Addons & Fields For Woocommerce — known CVE vulnerabilities
Every CVE whose affected-product data names Themeisle Product Addons & Fields For Woocommerce, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2024-3962 — CVSS 9.8 (critical): The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type…
CVE-2023-2256 — CVSS 6.1 (medium): The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to…
CVE-2024-35728 — CVSS 5.3 (medium): Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for…
CVE-2023-1839 — CVSS 4.8 (medium): The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which…