cleantalk
Vulnerabilities and Security Researches

WPify Woo Czech, 5c66c32b-22f2-4b59-a6b2-b8da944cdc3c

CVE, Research URL

5c66c32b-22f2-4b59-a6b2-b8da944cdc3c

Home page URL

Security reports for WPify Woo Czech

Application

WPify Woo Czech

Published on
-
Research Description
WPify Woo &#8211; Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce [wpify-woo] < 3.5.7 WPify Woo Czech &lt; 3.5.7 - Reflected Cross-Site Scripting (XSS) The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER[&#039;PHP_SELF&#039;] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output).
Affected versions
max 3.5.7.
Status
vulnerable
Previous vulnerability researches
Appy Pie Connect for WooCommerce (CVE-2025-9286) , Oct 11, 2025
Appy Pie Connect for WooCommerce (CVE-2023-53611) , Jun 16, 2026
New vulnerability
Survey Maker &#8211; Best WordPress Survey Plugin (fc04ca746b32e86094504fa87e14fcc6e895ad88) , Jun 16, 2026
Survey Maker &#8211; Best WordPress Survey Plugin (a3f2e0c73a4c81115beecf8f1d689bce0c191743) , Jun 16, 2026
Survey Maker &#8211; Best WordPress Survey Plugin (bd2e0643-c83b-4ca6-9332-66e4c49252ba) , Jun 16, 2026
Survey Maker &#8211; Best WordPress Survey Plugin (43328a5b05bd39176219d88c42154bd551884246) , Jun 16, 2026
Ultimate Product Catalog (1e3e9939-9948-4184-98cf-7a76b5ee7da9) , Jun 16, 2026