cleantalk
Vulnerabilities and Security Researches

WPify Woo Czech, 5c66c32b-22f2-4b59-a6b2-b8da944cdc3c

CVE, Research URL

5c66c32b-22f2-4b59-a6b2-b8da944cdc3c

Home page URL

Security reports for WPify Woo Czech

Application

WPify Woo Czech

Published on
-
Research Description
WPify Woo &#8211; Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce [wpify-woo] < 3.5.7 WPify Woo Czech &lt; 3.5.7 - Reflected Cross-Site Scripting (XSS) The plugin uses the Vies library v2.2.0, which has a sample file outputting $_SERVER[&#039;PHP_SELF&#039;] in an attribute without being escaped first, leading to a Reflected Cross-Site Scripting. The issue is only exploitable when the web server has the PDO driver installed, and write access to the example directory (otherwise an exception will be raised before the payload is output).
Affected versions
max 3.5.7.
Status
vulnerable
Previous vulnerability researches
Internal Linking for SEO traffic &amp; Ranking &#8211; Auto internal links (100% automatic) (bb4d8c6ce231464414d44706e8b51467551524ef) , Jun 16, 2026
Internal Linking for SEO traffic &amp; Ranking &#8211; Auto internal links (100% automatic) (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
Internal Linking for SEO traffic &amp; Ranking &#8211; Auto internal links (100% automatic) (CVE-2023-33999) , Jun 13, 2026
Internal Linking for SEO traffic &amp; Ranking &#8211; Auto internal links (100% automatic) (CVE-2024-11009) , Nov 28, 2024
Internal Linking for SEO traffic &amp; Ranking &#8211; Auto internal links (100% automatic) (CVE-2022-4974) , Nov 16, 2024
New vulnerability
Ultimate Product Catalog (1e3e9939-9948-4184-98cf-7a76b5ee7da9) , Jun 16, 2026
Ultimate Product Catalog (6e082389592af4f8526d806b5537ae30893080af) , Jun 16, 2026
Ultimate Product Catalog (9201793a558274a04bf6946982feb25e9e07964f) , Jun 16, 2026
Ultimate Product Catalog (03c299b0624aebc60de25384ca070d443144b958) , Jun 16, 2026
Ultimate Product Catalog (1aff5c11ad0c5d607c0a2854f025f1cf020eba28) , Jun 16, 2026