Vulnerabilities and security researches forwoo-products-widgets-for-elementor woo-products-widgets-for-elementor

Jun 07, 2024

CVE, Research URL: CVE-2022-4661
Home page URL: Security reports for Widgets for WooCommerce Products on Elementor
Application: Widgets for WooCommerce Products on Elementor
Date: Mar 13, 2023
Research Description: The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 00cc31a32724c453706e038aef15abaef0730a3d
Home page URL: Security reports for Widgets for WooCommerce Products on Elementor
Application: Widgets for WooCommerce Products on Elementor
Date: Feb 28, 2022
Research Description: Widgets for WooCommerce Products on Elementor [woo-products-widgets-for-elementor] < 1.0.6 (closed) WordPress Woo Products Widgets For Elementor plugin <= 1.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Woo Products Widgets For Elementor plugin (versions <= 1.0.5).
Affected versions: Min -, max -.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-43271
Home page URL: Security reports for Widgets for WooCommerce Products on Elementor
Application: Widgets for WooCommerce Products on Elementor
Date: Aug 19, 2024
Research Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0.
Affected versions: Min -, max -.
Status: vulnerable