Search
Search Results (11 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0555 | 2 Premmerce, Wordpress | 2 Premmerce, Wordpress | 2026-02-11 | 6.4 Medium |
| The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page). | ||||
| CVE-2025-62890 | 2 Premmerce, Wordpress | 2 Brands For Woocommerce, Wordpress | 2026-01-20 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13. | ||||
| CVE-2025-62883 | 2 Premmerce, Wordpress | 2 User Roles, Wordpress | 2026-01-20 | 4.3 Medium |
| Missing Authorization vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through <= 1.0.13. | ||||
| CVE-2025-13369 | 2 Premmerce, Wordpress | 2 Woocommerce Customers Manager, Wordpress | 2026-01-08 | 6.1 Medium |
| The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-12783 | 2 Premmerce, Wordpress | 2 Brands For Woocommerce, Wordpress | 2025-12-15 | 4.3 Medium |
| The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings. | ||||
| CVE-2025-13440 | 2 Premmerce, Wordpress | 2 Wishlist For Woocommerce, Wordpress | 2025-12-15 | 5.3 Medium |
| The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists. | ||||
| CVE-2023-23789 | 1 Premmerce | 1 Premmerce Redirect Manager | 2025-01-09 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | ||||
| CVE-2024-31359 | 1 Premmerce | 1 Premmerce Product Filter For Woocommerce | 2024-11-21 | 4.3 Medium |
| Missing Authorization vulnerability in Premmerce Premmerce Product Filter for WooCommerce.This issue affects Premmerce Product Filter for WooCommerce: from n/a through 3.7.2. | ||||
| CVE-2024-27971 | 1 Premmerce | 1 Permalink Manager For Woocommerce | 2024-11-21 | 8.3 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Premmerce Premmerce Permalink Manager for WooCommerce allows PHP Local File Inclusion.This issue affects Premmerce Permalink Manager for WooCommerce: from n/a through 2.3.10. | ||||
| CVE-2023-23787 | 1 Premmerce | 1 Redirect Manager | 2024-11-21 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | ||||
| CVE-2023-23719 | 1 Premmerce | 1 Premmerce | 2024-11-21 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. | ||||
Page 1 of 1.