Vulnerabilities and security researches foradd-fields-to-checkout-page-woocommerce add-fields-to-checkout-page-woocommerce

Jun 06, 2024

CVE, Research URL: CVE-2024-33956
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: May 14, 2024
Research Description: Missing Authorization vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: b6cd50d916ad63760041bbce3847bd942de90fbc
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: Feb 28, 2022
Research Description: Custom WooCommerce Checkout Fields Editor [add-fields-to-checkout-page-woocommerce] < 1.3.0 WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Custom WooCommerce Checkout Fields Editor plugin (versions <= 1.2.5).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1697
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: Mar 23, 2024
Research Description: The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-30518
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: Mar 29, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in ThemeLocation Custom WooCommerce Checkout Fields Editor.This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.0.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Sep 08, 2025

CVE, Research URL: CVE-2025-58799
Home page URL: Security reports for Custom WooCommerce Checkout Fields Editor
Application: Custom WooCommerce Checkout Fields Editor
Date: Sep 05, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in themelocation Custom WooCommerce Checkout Fields Editor allows Cross Site Request Forgery. This issue affects Custom WooCommerce Checkout Fields Editor: from n/a through 1.3.4.
Affected versions: Min -, max -.
Status: vulnerable