Vulnerabilities and security researches forsubaccounts-for-woocommerce subaccounts-for-woocommerce
Direction: ascendingJun 07, 2024
Subaccounts for WooCommerce # d549139954f92cf6ed7fd0d234e19d2257f78ba1
- CVE, Research URL
- Home page URL
- Application
- Date
- Jul 19, 2023
- Research Description
- Subaccounts for WooCommerce [subaccounts-for-woocommerce] < 1.4.0 WordPress Subaccounts for WooCommerce Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Subaccounts for WooCommerce plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Subaccounts for WooCommerce Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 23, 2024
Subaccounts for WooCommerce # CVE-2024-11370
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 21, 2024
- Research Description
- Subaccounts for WooCommerce [subaccounts-for-woocommerce] <= 1.6.0 (unfixed) CVE-2024-11370 [en] The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
May 16, 2025
Subaccounts for WooCommerce # CVE-2025-47461
- CVE, Research URL
- Home page URL
- Application
- Date
- -
- Research Description
- Subaccounts for WooCommerce [subaccounts-for-woocommerce] < 1.6.7 CVE-2025-47461
- Affected versions
-
Min -, max -.
- Status
-
vulnerable