Vulnerabilities and security researches forwoo-category-slider-by-pluginever woo-category-slider-by-pluginever

Jun 07, 2024

CVE, Research URL: c475256758618c5134272f2b2ef2e2716df75491
Home page URL: Security reports for Product Category Slider for WooCommerce
Application: Product Category Slider for WooCommerce
Date: Mar 21, 2023
Research Description: Product Category Slider for WooCommerce [woo-category-slider-by-pluginever] < 4.1.6 WordPress Product Category Slider for WooCommerce Plugin <= 4.1.5 is vulnerable to Cross Site Request Forgery (CSRF) No patched version is available. No reply from the vendor. Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Product Category Slider for WooCommerce Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.
Affected versions: max 4.1.6.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2025-39364
Home page URL: Security reports for Product Category Slider for WooCommerce
Application: Product Category Slider for WooCommerce
Date: May 19, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginEver Product Category Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Product Category Slider for WooCommerce: from n/a through 4.3.4.
Affected versions: max 4.3.5.
Status: vulnerable