Vulnerabilities and security researches foradvanced-woo-labels advanced-woo-labels

Jun 10, 2024

CVE, Research URL: CVE-2024-35675
Home page URL: Security reports for Advanced Woo Labels – Product Labels for WooCommerce
Application: Advanced Woo Labels – Product Labels for WooCommerce
Date: Jun 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93.
Affected versions: max 1.94.
Status: vulnerable

Oct 04, 2024

CVE, Research URL: CVE-2024-47622
Home page URL: Security reports for Advanced Woo Labels – Product Labels for WooCommerce
Application: Advanced Woo Labels – Product Labels for WooCommerce
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS.This issue affects Advanced Woo Labels: from n/a through 2.01.
Affected versions: max 2.02.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32188
Home page URL: Security reports for Advanced Woo Labels – Product Labels for WooCommerce
Application: Advanced Woo Labels – Product Labels for WooCommerce
Date: Apr 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Stored XSS. This issue affects Advanced Woo Labels: from n/a through 2.14.
Affected versions: max 2.14.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-32414
Home page URL: Security reports for Advanced Woo Labels – Product Labels for WooCommerce
Application: Advanced Woo Labels – Product Labels for WooCommerce
Date: Mar 14, 2026
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Remote Code Inclusion.This issue affects Advanced Woo Labels: from n/a through <= 2.36.
Affected versions: max 2.36.
Status: vulnerable

Apr 15, 2026

CVE, Research URL: CVE-2026-1929
Home page URL: Security reports for Advanced Woo Labels – Product Labels for WooCommerce
Application: Advanced Woo Labels – Product Labels for WooCommerce
Date: Feb 25, 2026
Research Description: The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of `call_user_func_array()` with user-controlled callback and parameters in the `get_select_option_values()` AJAX handler without an allowlist of permitted callbacks or a capability check. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute arbitrary PHP functions and operating system commands on the server via the 'callback' parameter.
Affected versions: max 2.37.
Status: vulnerable