cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for woocommerce-products-quick-view

Jun 16, 2026

Products Quick View for WooCommerce # a258db14fac7c6fbd217ffebb5a812d26ac46780

Date
Aug 15, 2023
Research Description
Products Quick View for WooCommerce [woocommerce-products-quick-view] < 2.3.0. WordPress Products Quick View for WooCommerce Plugin < 2.3.0 is vulnerable to Broken Access Control. Update the WordPress Products Quick View for WooCommerce plugin to the latest available version (at least 2.3.0). Unknown discovered and reported this Broken Access Control vulnerability in WordPress Products Quick View for WooCommerce Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could allow an unprivileged user to execute a certain higher privileged action. This vulnerability has been fixed in version 2.3.0.
Affected versions
max 2.3.0.
Status
vulnerable

Products Quick View for WooCommerce # de3e06615019aff108fb9f37a06bdb545ac61b79

Date
Aug 14, 2023
Research Description
Products Quick View for WooCommerce [woocommerce-products-quick-view] < 2.3.0. Products Quick View for WooCommerce <= 2.2.0 - Missing Authorization. The Products Quick View for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the quick_view_prettyphoto_custom_template_load() and quick_view_custom_template_load() functions called via AJAX actions in versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to load templates and view products.
Affected versions
max 2.3.0.
Status
vulnerable
Jun 06, 2024

Products Quick View for WooCommerce # d1b0f784da3ca0f399c542515fda1423816819f0

Date
Nov 02, 2022
Research Description
Products Quick View for WooCommerce [woocommerce-products-quick-view] < 2.0.2. a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset. The following plugins for WordPress are vulnerable to Cross-Site Request Forgery: a3 Lazy Load (<= 2.6.0), Contact Us Page – Contact People (<= 3.6.1), a3 Portfolio (<= 3.0.1), Dynamic Product Gallery for WooCommerce (3.0.1), a3 Responsive Slider (<= 2.2.0), Compare Products for WooCommerce (<= 2.8.2), Products Quick View for WooCommerce (<= 2.0.1), Product Sort and Display for WooCommerce (<= 2.2.2), Product Widget Slider for WooCommerce (), WP Email Template (<= 2.6.2). This is due to missing nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.0.2.
Status
vulnerable