cleantalk
Vulnerabilities and Security Researches

WPify Woo Czech, bf3ea78681ccb672f188e5175ccf36ef8160eb18

CVE, Research URL

bf3ea78681ccb672f188e5175ccf36ef8160eb18

Home page URL

Security reports for WPify Woo Czech

Application

WPify Woo Czech

Published on
May 16, 2022
Research Description
WPify Woo &#8211; Withdrawal, CRN/VAT, QR payments, Heureka and more for WooCommerce [wpify-woo] < 3.5.7 WPify Woo Czech <= 3.5.6 - Reflected Cross-Site Scripting The WPify Woo Czech plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of '$_SERVER['PHP_SELF']' with insufficient input sanitization and output escaping in versions up to, and including, 3.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.5.7.
Status
vulnerable
Previous vulnerability researches
WPify Woo Czech (bf3ea78681ccb672f188e5175ccf36ef8160eb18) , Jun 16, 2026
WPify Woo Czech (5c66c32b-22f2-4b59-a6b2-b8da944cdc3c) , Jun 16, 2026
WPify Woo Czech (CVE-2026-42748) , May 30, 2026
WPify Woo Czech (CVE-2024-1492) , Jun 07, 2024
WPify Woo Czech (CVE-2024-33946) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026