| CVE/PSC | Application | Date | Affected versions | Description | Details |
|---|---|---|---|---|---|
| Actual on: Feb 08, 2025, 21:02:01 | Entries count: 5 | ||||
|
vulnerable
|
Feb 07, 2025, 08:02:24 |
Min -
Max 5.4.0
|
EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory [ean-for-woocommerce] < 5.4.0 CVE-2025-22673 | ||
|
vulnerable
|
Jun 07, 2024, 05:06:13 |
Min -
Max 4.9.0
|
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9. | ||
|
vulnerable
|
Jun 07, 2024, 05:06:13 |
Min -
Max 4.4.3
|
The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||
|
vulnerable
|
Jun 07, 2024, 05:06:13 |
Min -
Max 4.9.3
|
The EAN for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.9.2 via the the 'alg_wc_ean_product_meta' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata. | ||
|
vulnerable
|
Jun 07, 2024, 05:06:13 |
Min -
Max 4.9.3
|
The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_ean_product_meta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||