cleantalk
Vulnerabilities and Security Researches

Place Order Without Payment for WooCommerce, CVE-2024-13362

CVE, Research URL

CVE-2024-13362

Home page URL

Security reports for Place Order Without Payment for WooCommerce

Application

Place Order Without Payment for WooCommerce

Published on
May 01, 2026
Research Description
Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 8.0.8.
Status
vulnerable
Previous vulnerability researches
Plugin Central (CVE-2025-46439) , Apr 26, 2025
Plugin Central (dc94c84bbc7a71287b02b5d483cdf884e1ca2777) , Jun 07, 2024
New vulnerability
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2024-13362) , May 02, 2026
Elementor Website Builder – More than Just a Page Builder (CVE-2026-6127) , May 02, 2026
WPGraphQL (CVE-2026-40762) , May 02, 2026
Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery (CVE-2024-13362) , May 02, 2026
GiveWP – Donation Plugin and Fundraising Platform (CVE-2026-34900) , May 02, 2026