Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    56 vulnerabilities by premmerce

    CVE-2026-54849 (GCVE-0-2026-54849)

    Vulnerability from nvd – Published: 2026-06-25 13:12 – Updated: 2026-06-25 14:52
    VLAI
    Title
    WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
    Summary
    Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Wishlist for WooCommerce Affected: n/a , ≤ 1.1.11 (custom)
    Create a notification for this product.
    Credits
    hhhai | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54849",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T14:51:53.961454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T14:52:00.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wishlist",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.11",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "hhhai | Patchstack Bug Bounty Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce \u003c= 1.1.11 versions."
                }
              ],
              "value": "Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce \u003c= 1.1.11 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:12:36.841Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-11-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Premmerce Wishlist for WooCommerce Plugin to the latest available version (at least 1.1.12)."
                }
              ],
              "value": "Update the WordPress Premmerce Wishlist for WooCommerce Plugin to the latest available version (at least 1.1.12)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Premmerce Wishlist for WooCommerce plugin \u003c= 1.1.11 - SQL Injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-54849",
        "datePublished": "2026-06-25T13:12:36.841Z",
        "dateReserved": "2026-06-16T09:22:02.525Z",
        "dateUpdated": "2026-06-25T14:52:00.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6933 (GCVE-0-2026-6933)

    Vulnerability from nvd – Published: 2026-06-16 04:30 – Updated: 2026-06-16 14:52
    VLAI
    Title
    Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation
    Summary
    The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the 'createFromStub' function performing unsanitized string substitution of the 'premmerce_plugin_namespace' parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Dev Tools Affected: 0 , ≤ 2.0 (semver)
    Create a notification for this product.
    Credits
    Nabil Irawan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6933",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T14:52:16.221107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T14:52:26.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Dev Tools",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the \u0027generatePluginHandler\u0027 function lacking any authorization check before processing user-supplied POST data, combined with the \u0027createFromStub\u0027 function performing unsanitized string substitution of the \u0027premmerce_plugin_namespace\u0027 parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T04:30:16.548Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c43c060b-7a18-49ee-a753-ae1ed2f7e04d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginGenerator.php#L125"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginGenerator.php#L125"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/Admin/Admin.php#L107"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/Admin/Admin.php#L107"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginData.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginData.php#L97"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-15T16:26:34.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Dev Tools \u003c= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6933",
        "datePublished": "2026-06-16T04:30:16.548Z",
        "dateReserved": "2026-04-23T18:26:15.473Z",
        "dateUpdated": "2026-06-16T14:52:26.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13362 (GCVE-0-2024-13362)

    Vulnerability from nvd – Published: 2026-05-01 05:29 – Updated: 2026-05-01 13:23
    VLAI
    Title
    Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
    Summary
    Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    sebet Go Fetch Jobs (for WP Job Manager) Affected: 0 , ≤ 1.8.4.8.1 (semver)
    Create a notification for this product.
    5starplugins Dynamic Copyright Year Affected: 0 , ≤ 1.0.4 (semver)
    Create a notification for this product.
    peterschulznl Code Manager Affected: 0 , ≤ 1.0.40 (semver)
    Create a notification for this product.
    bplugins Advanced Scrollbar – Custom Scrollbar Styling and Behavior Affected: 0 , ≤ 1.1.3 (semver)
    Create a notification for this product.
    yuvalo Goal Tracker – Custom Event Tracking for GA4 Affected: 0 , ≤ 1.1.5 (semver)
    Create a notification for this product.
    essekia Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent Affected: 0 , ≤ 1.1.13 (semver)
    Create a notification for this product.
    josevega WP Page Templates Affected: 0 , ≤ 1.1.16 (semver)
    Create a notification for this product.
    hkdigitalagency Payment Gateway for ACBA BANK Affected: 0 , ≤ 1.2.6 (semver)
    Create a notification for this product.
    princeahmed Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress Affected: 0 , ≤ 1.2.7 (semver)
    Create a notification for this product.
    spiderdevs Forumax – AI Powered Advanced Community Forum Plugin Affected: 0 , ≤ 1.2.7 (semver)
    Create a notification for this product.
    seezee Five-Star Ratings Shortcode Affected: 0 , ≤ 1.2.56 (semver)
    Create a notification for this product.
    oxilab Product Layouts for WooCommerce Affected: 0 , ≤ 1.3.1 (semver)
    Create a notification for this product.
    mr2p Meta Field Block – Display custom fields in the Block Editor without coding Affected: 0 , ≤ 1.3.3 (semver)
    Create a notification for this product.
    themelocation Custom WooCommerce Checkout Fields Editor Affected: 0 , ≤ 1.3.4 (semver)
    Create a notification for this product.
    100plugins Open User Map Affected: 0 , ≤ 1.4.0 (semver)
    Create a notification for this product.
    wpdever WP Notification Bell Affected: 0 , ≤ 1.4.2 (semver)
    Create a notification for this product.
    themelocation Remove Add to Cart WooCommerce Affected: 0 , ≤ 1.4.7 (semver)
    Create a notification for this product.
    princeahmed File Manager for Google Drive – Integrate Google Drive Affected: 0 , ≤ 1.4.9 (semver)
    Create a notification for this product.
    5starplugins Marijuana Age Verify Affected: 0 , ≤ 1.5.5 (semver)
    Create a notification for this product.
    infosatech RevivePress – Keep your Old Content Evergreen Affected: 0 , ≤ 1.5.8 (semver)
    Create a notification for this product.
    nicheaddons Restaurant & Cafe Addon for Elementor Affected: 0 , ≤ 1.5.8 (semver)
    Create a notification for this product.
    paretodigital Send Users Email – Email Subscribers, Email Marketing Newsletter Affected: 0 , ≤ 1.5.10 (semver)
    Create a notification for this product.
    unitecms Unlimited Elements For Elementor Affected: 0 , ≤ 1.5.140 (semver)
    Create a notification for this product.
    meowcrew Role Based Pricing for Woo by Meow Crew Affected: 0 , ≤ 1.6.0 (semver)
    Create a notification for this product.
    nicheaddons Primary Addon for Elementor Affected: 0 , ≤ 1.6.0 (semver)
    Create a notification for this product.
    5starplugins Featured Images in RSS for Mailchimp & More Affected: 0 , ≤ 1.6.3 (semver)
    Create a notification for this product.
    wpsaad Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI Affected: 0 , ≤ 1.6.3 (semver)
    Create a notification for this product.
    kofimokome Message Filter for Contact Form 7 Affected: 0 , ≤ 1.6.3.2 (semver)
    Create a notification for this product.
    paretodigital Embedder for Google Reviews Affected: 0 , ≤ 1.6.6 (semver)
    Create a notification for this product.
    interactivegeomaps MapGeo – Interactive Geo Maps Affected: 0 , ≤ 1.6.22 (semver)
    Create a notification for this product.
    wpbits WPBITS Addons For Elementor Page Builder Affected: 0 , ≤ 1.7 (semver)
    Create a notification for this product.
    toddhalfpenny Widgets on Pages Affected: 0 , ≤ 1.7 (semver)
    Create a notification for this product.
    rebelcode Spotlight Social Feeds – Block, Shortcode, and Widget Affected: 0 , ≤ 1.7.0 (semver)
    Create a notification for this product.
    tobias_conrad WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms Affected: 0 , ≤ 1.7.0 (semver)
    Create a notification for this product.
    webfactory AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o Affected: 0 , ≤ 1.7.2 (semver)
    Create a notification for this product.
    hasanazizul Text To Speech TTS Accessibility Affected: 0 , ≤ 1.7.34 (semver)
    Create a notification for this product.
    5starplugins Easy Age Verify Affected: 0 , ≤ 1.8.5 (semver)
    Create a notification for this product.
    senols AI Puffer – Chat. Create. Automate. (formerly AI Power) Affected: 0 , ≤ 1.8.99 (semver)
    Create a notification for this product.
    damian-gora Justified Gallery Affected: 0 , ≤ 1.9.0 (semver)
    Create a notification for this product.
    mapster Mapster WP Maps Affected: 0 , ≤ 1.9.0 (semver)
    Create a notification for this product.
    streamweasels StreamWeasels Twitch Integration Affected: 0 , ≤ 1.9.2 (semver)
    Create a notification for this product.
    xplodedthemes XT Variation Swatches for WooCommerce Affected: 0 , ≤ 1.9.4 (semver)
    Create a notification for this product.
    bplugins bBlocks – Essential Gutenberg Blocks & Patterns Collection Affected: 0 , ≤ 1.9.8 (semver)
    Create a notification for this product.
    kaizencoders URL Shortify – Simple and Easy URL Shortener Affected: 0 , ≤ 1.10.4 (semver)
    Create a notification for this product.
    uriahs-victor Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Affected: 0 , ≤ 1.10.6 (semver)
    Create a notification for this product.
    cyberhobo Geo Mashup Affected: 0 , ≤ 1.13.15 (semver)
    Create a notification for this product.
    josevega Disable Payment Methods based on cart conditions for WooCommerce Affected: 0 , ≤ 1.16.3 (semver)
    Create a notification for this product.
    pagup Automatic Internal Links for SEO by Pagup Affected: 0 , ≤ 2.0.0 (semver)
    Create a notification for this product.
    enweby Full Screen Background Affected: 0 , ≤ 2.0.2 (semver)
    Create a notification for this product.
    litonice13 Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits Affected: 0 , ≤ 2.0.7.2 (semver)
    Create a notification for this product.
    princeahmed Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player Affected: 0 , ≤ 2.0.82 (semver)
    Create a notification for this product.
    spicethemes Carousel, Recent Post Slider and Banner Slider Affected: 0 , ≤ 2.1 (semver)
    Create a notification for this product.
    pagup Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) Affected: 0 , ≤ 2.1.0 (semver)
    Create a notification for this product.
    xplodedthemes XT Quick View for WooCommerce Affected: 0 , ≤ 2.1.5 (semver)
    Create a notification for this product.
    pluginscafe Smart phone field for Gravity Forms Affected: 0 , ≤ 2.1.6 (semver)
    Create a notification for this product.
    fooplugins Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Affected: 0 , ≤ 2.1.34 (semver)
    Create a notification for this product.
    bplugins PDF Poster – Display PDF Files with Custom Viewer Affected: 0 , ≤ 2.2.0 (semver)
    Create a notification for this product.
    nicheaddons Events Addon for Elementor Affected: 0 , ≤ 2.2.2 (semver)
    Create a notification for this product.
    bplugins HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player Affected: 0 , ≤ 2.2.27 (semver)
    Create a notification for this product.
    mte90 Glossary Affected: 0 , ≤ 2.2.38 (semver)
    Create a notification for this product.
    tickera Restrict – membership, site, content and user access restrictions for WordPress Affected: 0 , ≤ 2.3.0 (semver)
    Create a notification for this product.
    cyclonecode Custom PHP Settings Affected: 0 , ≤ 2.3.1 (semver)
    Create a notification for this product.
    prasadkirpekar WP Meta and Date Remover Affected: 0 , ≤ 2.3.4 (semver)
    Create a notification for this product.
    fullworks Anti-Spam Protection – No API Key, GDPR Friendly Affected: 0 , ≤ 2.3.7 (semver)
    Create a notification for this product.
    premmerce Premmerce Permalink Manager for WooCommerce Affected: 0 , ≤ 2.3.11 (semver)
    Create a notification for this product.
    smartwpress Music Player for Elementor – Audio Player & Podcast Player Affected: 0 , ≤ 2.4.1 (semver)
    Create a notification for this product.
    mhmrajib TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Affected: 0 , ≤ 2.4.1 (semver)
    Create a notification for this product.
    oceanwp Ocean Extra Affected: 0 , ≤ 2.4.2 (semver)
    Create a notification for this product.
    fooplugins Gallery by FooGallery Affected: 0 , ≤ 2.4.27 (semver)
    Create a notification for this product.
    plugins360 Automatic YouTube Gallery Affected: 0 , ≤ 2.5.5 (semver)
    Create a notification for this product.
    spiderdevs EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder Affected: 0 , ≤ 2.5.7 (semver)
    Create a notification for this product.
    samdani Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More Affected: 0 , ≤ 2.5.8 (semver)
    Create a notification for this product.
    tonyzeoli Radio Station by netmix® – Manage and play your Show Schedule in WordPress! Affected: 0 , ≤ 2.5.9 (semver)
    Create a notification for this product.
    kaira StoreCustomizer – A plugin to Customize all WooCommerce Pages Affected: 0 , ≤ 2.5.9 (semver)
    Create a notification for this product.
    wpjoli Joli Table Of Contents Affected: 0 , ≤ 2.6.0 (semver)
    Create a notification for this product.
    passionatebrains GA4WP – Analytics Dashboard for the Website Affected: 0 , ≤ 2.6.0 (semver)
    Create a notification for this product.
    nitin247 Place Order Without Payment for WooCommerce Affected: 0 , ≤ 2.6.5 (semver)
    Create a notification for this product.
    wordplus Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages Affected: 0 , ≤ 2.6.7 (semver)
    Create a notification for this product.
    mihail-barinov Share This Image Affected: 0 , ≤ 2.07 (semver)
    Create a notification for this product.
    inavii Inavii Social Feed Affected: 0 , ≤ 2.7.0 (semver)
    Create a notification for this product.
    fooplugins Lightbox & Modal Popup WordPress Plugin – FooBox Affected: 0 , ≤ 2.7.33 (semver)
    Create a notification for this product.
    xplodedthemes XT Floating Cart for WooCommerce Affected: 0 , ≤ 2.8.4 (semver)
    Create a notification for this product.
    takanakui WP Mobile Menu – The Mobile-Friendly Responsive Menu Affected: 0 , ≤ 2.8.6 (semver)
    Create a notification for this product.
    passionatebrains AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Affected: 0 , ≤ 2.9.2 (semver)
    Create a notification for this product.
    bensibley Independent Analytics Affected: 0 , ≤ 2.9.7 (semver)
    Create a notification for this product.
    codesavory Knowledge Base documentation & wiki plugin – BasePress Docs Affected: 0 , ≤ 2.16.3.3 (semver)
    Create a notification for this product.
    davidanderson Internal Link Juicer: SEO Auto Linker for WordPress Affected: 0 , ≤ 2.24.6 (semver)
    Create a notification for this product.
    josevega Bulk Edit Posts and Products in Spreadsheet Affected: 0 , ≤ 2.25.16 (semver)
    Create a notification for this product.
    saadiqbal Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Affected: 0 , ≤ 3.0.0 (semver)
    Create a notification for this product.
    tobiasbg TablePress – Tables in WordPress made easy Affected: 0 , ≤ 3.0.2 (semver)
    Create a notification for this product.
    bouncingsprout Ultimeter Affected: 0 , ≤ 3.0.5 (semver)
    Create a notification for this product.
    blackandwhitedigital TreePress – Easy Family Trees & Ancestor Profiles Affected: 0 , ≤ 3.0.6 (semver)
    Create a notification for this product.
    mattpramschufer Pay For Post with WooCommerce Affected: 0 , ≤ 3.1.26 (semver)
    Create a notification for this product.
    koen12344 Post to Google My Business (Google Business Profile) Affected: 0 , ≤ 3.1.28 (semver)
    Create a notification for this product.
    imtiazrayhan WP Coupons and Deals – Coupon Plugin For Affiliate Marketers Affected: 0 , ≤ 3.2.2 (semver)
    Create a notification for this product.
    pluginsware Advanced Classifieds & Directory Pro Affected: 0 , ≤ 3.2.4 (semver)
    Create a notification for this product.
    gallerycreator Mixed Media Gallery Blocks Affected: 0 , ≤ 3.2.4.4 (semver)
    Create a notification for this product.
    blockspare BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Affected: 0 , ≤ 3.2.6 (semver)
    Create a notification for this product.
    mhmrajib AidWP – Donation & Payment Forms (Stripe Powered) Affected: 0 , ≤ 3.2.6 (semver)
    Create a notification for this product.
    infornweb Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid Affected: 0 , ≤ 3.2.7 (semver)
    Create a notification for this product.
    pluginandplay Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Affected: 0 , ≤ 3.2.7 (semver)
    Create a notification for this product.
    samdani Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Affected: 0 , ≤ 3.2.8 (semver)
    Create a notification for this product.
    wpspeedo Team Members Showcase Affected: 0 , ≤ 3.3.0 (semver)
    Create a notification for this product.
    elespare EleSpare – News, Magazine and Blog Addons for Elementor Affected: 0 , ≤ 3.3.2 (semver)
    Create a notification for this product.
    infornweb Post List Designer – Category Post, Recent Post, Post List Affected: 0 , ≤ 3.3.7 (semver)
    Create a notification for this product.
    infornweb Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Affected: 0 , ≤ 3.4.9 (semver)
    Create a notification for this product.
    dashlabsltd YASR – Yet Another Star Rating Plugin for WordPress Affected: 0 , ≤ 3.4.12 (semver)
    Create a notification for this product.
    xplodedthemes WPIDE – File Manager & Code Editor Affected: 0 , ≤ 3.5.1 (semver)
    Create a notification for this product.
    premmerce Premmerce Product Filter for WooCommerce Affected: 0 , ≤ 3.7.3 (semver)
    Create a notification for this product.
    afthemes WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Affected: 0 , ≤ 3.8.3 (semver)
    Create a notification for this product.
    wpmagics Delete Posts automatically Affected: 0 , ≤ 3.9.6 (semver)
    Create a notification for this product.
    takanakui Menu Image, Icons made easy Affected: 0 , ≤ 3.12 (semver)
    Create a notification for this product.
    passionatebrains AWCA – The Great Analytics Insights for Your eStore Affected: 0 , ≤ 3.12.0 (semver)
    Create a notification for this product.
    mikewire_rocksolid Announcement & Notification Banner – Bulletin Affected: 0 , ≤ 3.12.1 (semver)
    Create a notification for this product.
    nitin247 Thank You Page for WooCommerce Affected: 0 , ≤ 4.2.0 (semver)
    Create a notification for this product.
    webheadllc Contact Form 7 Multi-Step Forms Affected: 0 , ≤ 4.4.1 (semver)
    Create a notification for this product.
    speedify Auto-Install Free SSL – Generate & Install Free SSL Certificates Affected: 0 , ≤ 4.5.0 (semver)
    Create a notification for this product.
    mhmrajib WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes Affected: 0 , ≤ 4.6.8 (semver)
    Create a notification for this product.
    webba-agency Easy Appointment Booking & Scheduling System – Webba Booking Calendar Affected: 0 , ≤ 5.0.57 (semver)
    Create a notification for this product.
    invisnet WP fail2ban – Advanced Security Affected: 0 , ≤ 5.3.4 (semver)
    Create a notification for this product.
    vinod-dalvi Ivory Search – WordPress Search Plugin Affected: 0 , ≤ 5.5.8 (semver)
    Create a notification for this product.
    peterschulznl WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards Affected: 0 , ≤ 5.5.31 (semver)
    Create a notification for this product.
    elliotvs Coupon Affiliates – Affiliate Plugin for WooCommerce Affected: 0 , ≤ 5.17.2 (semver)
    Create a notification for this product.
    cleverplugins Security Ninja – WordPress Security & Firewall Affected: 0 , ≤ 5.222 (semver)
    Create a notification for this product.
    theafricanboss Checkout with Cash App on WooCommerce Affected: 0 , ≤ 6.0.2 (semver)
    Create a notification for this product.
    fullworks Display Eventbrite Events Affected: 0 , ≤ 6.1.10 (semver)
    Create a notification for this product.
    mohsinoffline Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins Affected: 0 , ≤ 6.1.13 (semver)
    Create a notification for this product.
    sjaved Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Affected: 0 , ≤ 6.6.5 (semver)
    Create a notification for this product.
    gn_themes WP Shortcodes Plugin — Shortcodes Ultimate Affected: 0 , ≤ 7.3.3 (semver)
    Create a notification for this product.
    gowebsmarty WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Affected: 0 , ≤ 7.7.0 (semver)
    Create a notification for this product.
    tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto Affected: 0 , ≤ 8.0.7 (semver)
    Create a notification for this product.
    Credits
    Asaf Mozes
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T13:23:14.835839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T13:23:26.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Go Fetch Jobs (for WP Job Manager)",
              "vendor": "sebet",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dynamic Copyright Year",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Code Manager",
              "vendor": "peterschulznl",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Advanced Scrollbar \u2013 Custom Scrollbar Styling and Behavior",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Goal Tracker \u2013 Custom Event Tracking for GA4",
              "vendor": "yuvalo",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Tablesome Table \u2013 Contact Form DB \u2013 WPForms, CF7, Gravity, Forminator, Fluent",
              "vendor": "essekia",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Page Templates",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Payment Gateway for ACBA BANK",
              "vendor": "hkdigitalagency",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dracula Dark Mode \u2013  Accessibility, Reading Mode \u0026 Dark Mode for WordPress",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Forumax \u2013 AI Powered Advanced Community Forum Plugin",
              "vendor": "spiderdevs",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Five-Star Ratings Shortcode",
              "vendor": "seezee",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.56",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Product Layouts for WooCommerce",
              "vendor": "oxilab",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meta Field Block \u2013 Display custom fields in the Block Editor without coding",
              "vendor": "mr2p",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Custom WooCommerce Checkout Fields Editor",
              "vendor": "themelocation",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Open User Map",
              "vendor": "100plugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Notification Bell",
              "vendor": "wpdever",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remove Add to Cart WooCommerce",
              "vendor": "themelocation",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "File Manager for Google Drive \u2013 Integrate Google Drive",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Marijuana Age Verify",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RevivePress \u2013 Keep your Old Content Evergreen",
              "vendor": "infosatech",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Restaurant \u0026 Cafe Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Send Users Email \u2013 Email Subscribers, Email Marketing Newsletter",
              "vendor": "paretodigital",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unlimited Elements For Elementor",
              "vendor": "unitecms",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.140",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Role Based Pricing for Woo by Meow Crew",
              "vendor": "meowcrew",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Primary Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Featured Images in RSS for Mailchimp \u0026 More",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Image Alt Text Manager \u2013 Bulk \u0026 Dynamic Alt Tags For image SEO Optimization + AI",
              "vendor": "wpsaad",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Message Filter for Contact Form 7",
              "vendor": "kofimokome",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Embedder for Google Reviews",
              "vendor": "paretodigital",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MapGeo \u2013 Interactive Geo Maps",
              "vendor": "interactivegeomaps",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WPBITS Addons For Elementor Page Builder",
              "vendor": "wpbits",
              "versions": [
                {
                  "lessThanOrEqual": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Widgets on Pages",
              "vendor": "toddhalfpenny",
              "versions": [
                {
                  "lessThanOrEqual": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Spotlight Social Feeds \u2013 Block, Shortcode, and Widget",
              "vendor": "rebelcode",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WOW Styler for CF7 \u2013 Visual Styler for Contact Form 7 Forms",
              "vendor": "tobias_conrad",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AI Bud \u2013 AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o",
              "vendor": "webfactory",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Text To Speech TTS Accessibility",
              "vendor": "hasanazizul",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Age Verify",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AI Puffer \u2013 Chat. Create. Automate. (formerly AI Power)",
              "vendor": "senols",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.99",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Justified Gallery",
              "vendor": "damian-gora",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mapster WP Maps",
              "vendor": "mapster",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "StreamWeasels Twitch Integration",
              "vendor": "streamweasels",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Variation Swatches for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "bBlocks \u2013 Essential Gutenberg Blocks \u0026 Patterns Collection",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "URL Shortify \u2013 Simple and Easy URL Shortener",
              "vendor": "kaizencoders",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Kikote \u2013 Location Picker at Checkout \u0026 Google Address AutoFill Plugin for WooCommerce",
              "vendor": "uriahs-victor",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Geo Mashup",
              "vendor": "cyberhobo",
              "versions": [
                {
                  "lessThanOrEqual": "1.13.15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Disable Payment Methods based on cart conditions for WooCommerce",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "1.16.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Automatic Internal Links for SEO by Pagup",
              "vendor": "pagup",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Full Screen Background",
              "vendor": "enweby",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Master Addons For Elementor \u2013 Widgets, Extensions, Theme Builder, Popup Builder \u0026 Template Kits",
              "vendor": "litonice13",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.82",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Carousel, Recent Post Slider and Banner Slider",
              "vendor": "spicethemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)",
              "vendor": "pagup",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Quick View for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Smart phone field for Gravity Forms",
              "vendor": "pluginscafe",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Notification Bar, Announcement and Cookie Notice WordPress Plugin \u2013 FooBar",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PDF Poster \u2013 Display PDF Files with Custom Viewer",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Events Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 \u0026 Audio Player",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.27",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Glossary",
              "vendor": "mte90",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.38",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Restrict \u2013 membership, site, content and user access restrictions for WordPress",
              "vendor": "tickera",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Custom PHP Settings",
              "vendor": "cyclonecode",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Meta and Date Remover",
              "vendor": "prasadkirpekar",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Anti-Spam Protection \u2013 No API Key, GDPR Friendly",
              "vendor": "fullworks",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Permalink Manager for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Music Player for Elementor \u2013 Audio Player \u0026 Podcast Player",
              "vendor": "smartwpress",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TopNewsWp \u2013 Display Tikcer News, RSS Feed Widget and Many More",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ocean Extra",
              "vendor": "oceanwp",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gallery by FooGallery",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.27",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Automatic YouTube Gallery",
              "vendor": "plugins360",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EazyDocs \u2013 AI Powered Knowledge Base, Wiki, Documentation \u0026 FAQ Builder",
              "vendor": "spiderdevs",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Team Members \u2013 A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More",
              "vendor": "samdani",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress!",
              "vendor": "tonyzeoli",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "StoreCustomizer \u2013 A plugin to Customize all WooCommerce Pages",
              "vendor": "kaira",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Joli Table Of Contents",
              "vendor": "wpjoli",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GA4WP \u2013 Analytics Dashboard for the Website",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Place Order Without Payment for WooCommerce",
              "vendor": "nitin247",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Better Messages \u2013 Live Chat, Chat Rooms, Real-Time Messaging \u0026 Private Messages",
              "vendor": "wordplus",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Share This Image",
              "vendor": "mihail-barinov",
              "versions": [
                {
                  "lessThanOrEqual": "2.07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Inavii Social Feed",
              "vendor": "inavii",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Lightbox \u0026 Modal Popup WordPress Plugin \u2013 FooBox",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.33",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Floating Cart for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu",
              "vendor": "takanakui",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading \u0026 Image Optimization",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Independent Analytics",
              "vendor": "bensibley",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Knowledge Base documentation \u0026 wiki plugin \u2013 BasePress Docs",
              "vendor": "codesavory",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Internal Link Juicer: SEO Auto Linker for WordPress",
              "vendor": "davidanderson",
              "versions": [
                {
                  "lessThanOrEqual": "2.24.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Bulk Edit Posts and Products in Spreadsheet",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "2.25.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post SMTP \u2013 Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP \u0026 Mobile App",
              "vendor": "saadiqbal",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TablePress \u2013 Tables in WordPress made easy",
              "vendor": "tobiasbg",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ultimeter",
              "vendor": "bouncingsprout",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TreePress \u2013 Easy Family Trees \u0026 Ancestor Profiles",
              "vendor": "blackandwhitedigital",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pay For Post with WooCommerce",
              "vendor": "mattpramschufer",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post to Google My Business (Google Business Profile)",
              "vendor": "koen12344",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Coupons and Deals \u2013 Coupon Plugin For Affiliate Marketers",
              "vendor": "imtiazrayhan",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Advanced Classifieds \u0026 Directory Pro",
              "vendor": "pluginsware",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mixed Media Gallery Blocks",
              "vendor": "gallerycreator",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BlockSpare \u2014 News, Magazine and Blog Addons for (Gutenberg) Block Editor",
              "vendor": "blockspare",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AidWP \u2013 Donation \u0026 Payment Forms (Stripe Powered)",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider \u0026 Logo Grid",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post Slider and Post Carousel with Post Vertical Scrolling Widget \u2013 A Responsive Post Slider",
              "vendor": "pluginandplay",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Solid Testimonials \u2013 Testimonial Slider, Video Testimonials \u0026 Customer Reviews",
              "vendor": "samdani",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Team Members Showcase",
              "vendor": "wpspeedo",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EleSpare \u2013 News, Magazine and Blog Addons for Elementor",
              "vendor": "elespare",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post List Designer \u2013 Category Post, Recent Post, Post List",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Blog Designer Pack \u2013 Blog, Post Grid, Post Slider, Post Carousel, Category Post, News",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "YASR \u2013 Yet Another Star Rating Plugin for WordPress",
              "vendor": "dashlabsltd",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WPIDE \u2013 File Manager \u0026 Code Editor",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Product Filter for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Post Author \u2013 Author Box, Multiple Authors, Guest Authors \u0026 Custom Avatars",
              "vendor": "afthemes",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Delete Posts automatically",
              "vendor": "wpmagics",
              "versions": [
                {
                  "lessThanOrEqual": "3.9.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Menu Image, Icons made easy",
              "vendor": "takanakui",
              "versions": [
                {
                  "lessThanOrEqual": "3.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AWCA \u2013 The Great Analytics Insights for Your eStore",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "3.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Announcement \u0026 Notification Banner \u2013 Bulletin",
              "vendor": "mikewire_rocksolid",
              "versions": [
                {
                  "lessThanOrEqual": "3.12.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Thank You Page for WooCommerce",
              "vendor": "nitin247",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Contact Form 7 Multi-Step Forms",
              "vendor": "webheadllc",
              "versions": [
                {
                  "lessThanOrEqual": "4.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Auto-Install Free SSL \u2013 Generate \u0026 Install Free SSL Certificates",
              "vendor": "speedify",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Books Gallery \u2013 Build Stunning Book Showcases \u0026 Libraries in Minutes",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Appointment Booking \u0026 Scheduling System \u2013 Webba Booking Calendar",
              "vendor": "webba-agency",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.57",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP fail2ban \u2013 Advanced Security",
              "vendor": "invisnet",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ivory Search \u2013 WordPress Search Plugin",
              "vendor": "vinod-dalvi",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Data Access \u2013 App Builder for Tables, Forms, Charts, Maps \u0026 Dashboards",
              "vendor": "peterschulznl",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce",
              "vendor": "elliotvs",
              "versions": [
                {
                  "lessThanOrEqual": "5.17.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Security Ninja \u2013 WordPress Security \u0026 Firewall",
              "vendor": "cleverplugins",
              "versions": [
                {
                  "lessThanOrEqual": "5.222",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Checkout with Cash App on WooCommerce",
              "vendor": "theafricanboss",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Display Eventbrite Events",
              "vendor": "fullworks",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins",
              "vendor": "mohsinoffline",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Social Feed \u2013 Social Photos Gallery and Post Feed for WordPress",
              "vendor": "sjaved",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate",
              "vendor": "gn_themes",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Encryption \u2013 One Click Free SSL Certificate \u0026 SSL / HTTPS Redirect, Security \u0026 SSL Scan",
              "vendor": "gowebsmarty",
              "versions": [
                {
                  "lessThanOrEqual": "7.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto",
              "vendor": "tripetto",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asaf Mozes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T05:29:54.148Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3235286/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3249130/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3229060/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-30T17:32:32.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-30T17:17:30.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Freemius \u003c= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13362",
        "datePublished": "2026-05-01T05:29:54.148Z",
        "dateReserved": "2025-01-13T18:08:47.439Z",
        "dateUpdated": "2026-05-01T13:23:26.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32541 (GCVE-0-2026-32541)

    Vulnerability from nvd – Published: 2026-03-25 16:15 – Updated: 2026-04-29 09:52
    VLAI
    Title
    WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Redirect Manager Affected: n/a , ≤ <= 1.0.12 (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:12
    Credits
    Que Thanh Tuan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T13:13:58.190442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T13:15:12.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-redirect-manager",
              "product": "Premmerce Redirect Manager",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.0.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "\u003c= 1.0.12",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Que Thanh Tuan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-03-25T17:12:43.510Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Premmerce Redirect Manager: from n/a through \u003c= 1.0.12.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through \u003c= 1.0.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T09:52:01.501Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-redirect-manager/vulnerability/wordpress-premmerce-redirect-manager-plugin-1-0-12-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Redirect Manager plugin \u003c= 1.0.12 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-32541",
        "datePublished": "2026-03-25T16:15:11.437Z",
        "dateReserved": "2026-03-12T11:12:34.193Z",
        "dateUpdated": "2026-04-29T09:52:01.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0555 (GCVE-0-2026-0555)

    Vulnerability from nvd – Published: 2026-02-07 08:26 – Updated: 2026-04-08 17:06
    VLAI
    Title
    Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint
    Summary
    The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Affected: 0 , ≤ 1.3.20 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0555",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:37:24.102754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:46:04.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027premmerce_wizard_actions\u0027 AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:06:48.770Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90b2a644-19a0-43a1-8ff6-7486d7ef29b3?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/Admin.php?marks=41#L41"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/Handlers/WizardHandler.php?marks=42,50,52#L42"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Api/WizardApi.php?marks=38#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/views/admin/tabs/wizard.php?marks=30#L30"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3464825/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-24T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-02-06T20:25:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce \u003c= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via \u0027premmerce_wizard_actions\u0027 AJAX Endpoint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0555",
        "datePublished": "2026-02-07T08:26:38.893Z",
        "dateReserved": "2026-01-01T20:56:47.477Z",
        "dateUpdated": "2026-04-08T17:06:48.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13369 (GCVE-0-2025-13369)

    Vulnerability from nvd – Published: 2026-01-07 07:17 – Updated: 2026-04-08 17:10
    VLAI
    Title
    Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
    Summary
    The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Athiwat Tiprasaharn Itthidej Aramsri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T14:50:12.714992Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:13:15.887Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce WooCommerce Customers Manager",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Itthidej Aramsri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027money_spent_from\u0027, \u0027money_spent_to\u0027, \u0027registered_from\u0027, and \u0027registered_to\u0027 parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:10:54.953Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9980ec20-60ae-42eb-a2cd-146e57435398?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/src/Admin/Admin.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/src/Admin/Admin.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/views/admin/filter.php#L43"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/views/admin/filter.php#L43"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465273/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-06T18:36:11.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce WooCommerce Customers Manager \u003c= 1.1.14 - Reflected Cross-Site Scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13369",
        "datePublished": "2026-01-07T07:17:33.843Z",
        "dateReserved": "2025-11-18T18:03:13.649Z",
        "dateUpdated": "2026-04-08T17:10:54.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13440 (GCVE-0-2025-13440)

    Vulnerability from nvd – Published: 2025-12-12 03:20 – Updated: 2026-04-08 17:09
    VLAI
    Title
    Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion
    Summary
    The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Wishlist for WooCommerce Affected: 0 , ≤ 1.1.10 (semver)
    Create a notification for this product.
    Credits
    Abhirup Konwar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13440",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T20:11:44.023221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T18:13:29.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhirup Konwar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:09:37.959Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9347900c-61c2-4d63-885e-e971c646b737?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/trunk/src/Admin/Admin.php#L334"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/tags/1.1.10/src/Admin/Admin.php#L334"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426971/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T15:05:19.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Wishlist for WooCommerce \u003c= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13440",
        "datePublished": "2025-12-12T03:20:50.767Z",
        "dateReserved": "2025-11-19T19:06:21.133Z",
        "dateUpdated": "2026-04-08T17:09:37.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12783 (GCVE-0-2025-12783)

    Vulnerability from nvd – Published: 2025-12-12 03:20 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update
    Summary
    The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Brands for WooCommerce Affected: 0 , ≤ 1.2.13 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn Powpy
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T17:49:59.867919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T18:15:15.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Brands for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Powpy"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:47.844Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6560ba0b-2190-4d30-b0c4-f07d524ccfde?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-brands/tags/1.2.13/src/Admin/Admin.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465319/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-28T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-11T14:30:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Brands for WooCommerce \u003c= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12783",
        "datePublished": "2025-12-12T03:20:47.249Z",
        "dateReserved": "2025-11-05T22:32:16.722Z",
        "dateUpdated": "2026-04-08T16:57:47.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12411 (GCVE-0-2025-12411)

    Vulnerability from nvd – Published: 2025-11-18 08:27 – Updated: 2026-04-08 16:40
    VLAI
    Title
    Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection
    Summary
    The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php "premmerce_update_price_type" action, causing cosmetic corruption of the admin interface. The 'price_type' parameter of the "premmerce_delete_price_type" is also vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Powpy
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:17.699297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:18.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Wholesale Pricing for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Powpy"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the \u0027ID\u0027 parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php \"premmerce_update_price_type\" action, causing cosmetic corruption of the admin interface. The \u0027price_type\u0027 parameter of the \"premmerce_delete_price_type\" is also vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:40:46.504Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e4e27e0-bbb0-498a-b425-9e9d60dfed0f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Models/Model.php#L171"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Admin/Admin.php#L83"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465244/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-17T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-11-17T20:08:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Wholesale Pricing for WooCommerce \u003c= 1.1.10 - Authenticated (Subscriber+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12411",
        "datePublished": "2025-11-18T08:27:30.246Z",
        "dateReserved": "2025-10-28T15:27:58.347Z",
        "dateUpdated": "2026-04-08T16:40:46.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60241 (GCVE-0-2025-60241)

    Vulnerability from nvd – Published: 2025-11-06 15:55 – Updated: 2026-04-28 18:43
    VLAI
    Title
    WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Affected: 0 , ≤ 1.3.19 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:00
    Credits
    Ryan Novotny | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T14:18:27.153374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T18:43:56.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce",
              "product": "Premmerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Novotny | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:00:26.789Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce: from n/a through \u003c= 1.3.19.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through \u003c= 1.3.19."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:58.538Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce/vulnerability/wordpress-premmerce-plugin-1-3-19-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce plugin \u003c= 1.3.19 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60241",
        "datePublished": "2025-11-06T15:55:13.362Z",
        "dateReserved": "2025-09-25T15:34:44.964Z",
        "dateUpdated": "2026-04-28T18:43:56.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60194 (GCVE-0-2025-60194)

    Vulnerability from nvd – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:04:45.951731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:04:49.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-search",
              "product": "Premmerce Product Search for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:54.994Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.032Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60194",
        "datePublished": "2025-11-06T15:54:50.878Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60193 (GCVE-0-2025-60193)

    Vulnerability from nvd – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce User Roles Affected: 0 , ≤ 1.0.13 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:04:56.500263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:04:59.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-user-roles",
              "product": "Premmerce User Roles",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.0.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.0.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:54.993Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.088Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60193",
        "datePublished": "2025-11-06T15:54:49.770Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60192 (GCVE-0-2025-60192)

    Vulnerability from nvd – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:05:10.108452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:05:12.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wholesale-pricing",
              "product": "Premmerce Wholesale Pricing for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:55.868Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.079Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wholesale-pricing/vulnerability/wordpress-premmerce-wholesale-pricing-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Wholesale Pricing for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60192",
        "datePublished": "2025-11-06T15:54:49.257Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60191 (GCVE-0-2025-60191)

    Vulnerability from nvd – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through <= 1.1.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Wishlist for WooCommerce Affected: 0 , ≤ 1.1.10 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:05:22.842628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:05:25.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wishlist",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:55.220Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.104Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Wishlist for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60191",
        "datePublished": "2025-11-06T15:54:48.713Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64291 (GCVE-0-2025-64291)

    Vulnerability from nvd – Published: 2025-10-29 08:38 – Updated: 2026-04-28 18:30
    VLAI
    Title
    WordPress Premmerce User Roles plugin <= 1.0.13 - Cross Site Scripting (XSS) vulnerability
    Summary
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce User Roles Affected: 0 , ≤ 1.0.13 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:01
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64291",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T14:18:31.246536Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T18:30:00.996Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-user-roles",
              "product": "Premmerce User Roles",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.0.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.0.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:01:15.621Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
                }
              ],
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-592",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Stored XSS"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:13.959Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-cross-site-scripting-xss-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Cross Site Scripting (XSS) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-64291",
        "datePublished": "2025-10-29T08:38:15.757Z",
        "dateReserved": "2025-10-29T03:29:08.850Z",
        "dateUpdated": "2026-04-28T18:30:00.996Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-64290 (GCVE-0-2025-64290)

    Vulnerability from nvd – Published: 2025-10-29 08:38 – Updated: 2026-04-28 16:14
    VLAI
    Title
    WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2026-04-22 14:25
    Credits
    Nabil Irawan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-64290",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-29T14:20:42.559425Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T15:46:22.629Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-search",
              "product": "Premmerce Product Search for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:25:06.208Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-62",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Cross Site Request Forgery"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:14:13.796Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-64290",
        "datePublished": "2025-10-29T08:38:15.299Z",
        "dateReserved": "2025-10-29T03:29:08.850Z",
        "dateUpdated": "2026-04-28T16:14:13.796Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-54849 (GCVE-0-2026-54849)

    Vulnerability from cvelistv5 – Published: 2026-06-25 13:12 – Updated: 2026-06-25 14:52
    VLAI
    Title
    WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability
    Summary
    Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Wishlist for WooCommerce Affected: n/a , ≤ 1.1.11 (custom)
    Create a notification for this product.
    Credits
    hhhai | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-54849",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T14:51:53.961454Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T14:52:00.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wishlist",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.12",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.11",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "hhhai | Patchstack Bug Bounty Program"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce \u003c= 1.1.11 versions."
                }
              ],
              "value": "Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce \u003c= 1.1.11 versions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-7",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-7 Blind SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T13:12:36.841Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/wordpress/plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-11-sql-injection-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update the WordPress Premmerce Wishlist for WooCommerce Plugin to the latest available version (at least 1.1.12)."
                }
              ],
              "value": "Update the WordPress Premmerce Wishlist for WooCommerce Plugin to the latest available version (at least 1.1.12)."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Premmerce Wishlist for WooCommerce plugin \u003c= 1.1.11 - SQL Injection vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-54849",
        "datePublished": "2026-06-25T13:12:36.841Z",
        "dateReserved": "2026-06-16T09:22:02.525Z",
        "dateUpdated": "2026-06-25T14:52:00.964Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-6933 (GCVE-0-2026-6933)

    Vulnerability from cvelistv5 – Published: 2026-06-16 04:30 – Updated: 2026-06-16 14:52
    VLAI
    Title
    Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation
    Summary
    The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the 'createFromStub' function performing unsanitized string substitution of the 'premmerce_plugin_namespace' parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Dev Tools Affected: 0 , ≤ 2.0 (semver)
    Create a notification for this product.
    Credits
    Nabil Irawan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-6933",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T14:52:16.221107Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-16T14:52:26.336Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Dev Tools",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nabil Irawan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the \u0027generatePluginHandler\u0027 function lacking any authorization check before processing user-supplied POST data, combined with the \u0027createFromStub\u0027 function performing unsanitized string substitution of the \u0027premmerce_plugin_namespace\u0027 parameter directly into PHP stub files written to the wp-content/plugins/ directory. An attacker can inject a semicolon followed by arbitrary PHP code into the namespace parameter, causing the generated plugin file to contain and execute that code when accessed via HTTP. This makes it possible for authenticated attackers with Subscriber-level access and above to create arbitrary PHP files on the server and achieve remote code execution."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T04:30:16.548Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c43c060b-7a18-49ee-a753-ae1ed2f7e04d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginGenerator.php#L125"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginGenerator.php#L125"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/Admin/Admin.php#L107"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/Admin/Admin.php#L107"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/trunk/src/PluginGenerator/PluginData.php#L97"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-dev-tools/tags/2.0/src/PluginGenerator/PluginData.php#L97"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-15T16:26:34.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Dev Tools \u003c= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-6933",
        "datePublished": "2026-06-16T04:30:16.548Z",
        "dateReserved": "2026-04-23T18:26:15.473Z",
        "dateUpdated": "2026-06-16T14:52:26.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13362 (GCVE-0-2024-13362)

    Vulnerability from cvelistv5 – Published: 2026-05-01 05:29 – Updated: 2026-05-01 13:23
    VLAI
    Title
    Freemius <= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter
    Summary
    Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    sebet Go Fetch Jobs (for WP Job Manager) Affected: 0 , ≤ 1.8.4.8.1 (semver)
    Create a notification for this product.
    5starplugins Dynamic Copyright Year Affected: 0 , ≤ 1.0.4 (semver)
    Create a notification for this product.
    peterschulznl Code Manager Affected: 0 , ≤ 1.0.40 (semver)
    Create a notification for this product.
    bplugins Advanced Scrollbar – Custom Scrollbar Styling and Behavior Affected: 0 , ≤ 1.1.3 (semver)
    Create a notification for this product.
    yuvalo Goal Tracker – Custom Event Tracking for GA4 Affected: 0 , ≤ 1.1.5 (semver)
    Create a notification for this product.
    essekia Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent Affected: 0 , ≤ 1.1.13 (semver)
    Create a notification for this product.
    josevega WP Page Templates Affected: 0 , ≤ 1.1.16 (semver)
    Create a notification for this product.
    hkdigitalagency Payment Gateway for ACBA BANK Affected: 0 , ≤ 1.2.6 (semver)
    Create a notification for this product.
    princeahmed Dracula Dark Mode – Accessibility, Reading Mode & Dark Mode for WordPress Affected: 0 , ≤ 1.2.7 (semver)
    Create a notification for this product.
    spiderdevs Forumax – AI Powered Advanced Community Forum Plugin Affected: 0 , ≤ 1.2.7 (semver)
    Create a notification for this product.
    seezee Five-Star Ratings Shortcode Affected: 0 , ≤ 1.2.56 (semver)
    Create a notification for this product.
    oxilab Product Layouts for WooCommerce Affected: 0 , ≤ 1.3.1 (semver)
    Create a notification for this product.
    mr2p Meta Field Block – Display custom fields in the Block Editor without coding Affected: 0 , ≤ 1.3.3 (semver)
    Create a notification for this product.
    themelocation Custom WooCommerce Checkout Fields Editor Affected: 0 , ≤ 1.3.4 (semver)
    Create a notification for this product.
    100plugins Open User Map Affected: 0 , ≤ 1.4.0 (semver)
    Create a notification for this product.
    wpdever WP Notification Bell Affected: 0 , ≤ 1.4.2 (semver)
    Create a notification for this product.
    themelocation Remove Add to Cart WooCommerce Affected: 0 , ≤ 1.4.7 (semver)
    Create a notification for this product.
    princeahmed File Manager for Google Drive – Integrate Google Drive Affected: 0 , ≤ 1.4.9 (semver)
    Create a notification for this product.
    5starplugins Marijuana Age Verify Affected: 0 , ≤ 1.5.5 (semver)
    Create a notification for this product.
    infosatech RevivePress – Keep your Old Content Evergreen Affected: 0 , ≤ 1.5.8 (semver)
    Create a notification for this product.
    nicheaddons Restaurant & Cafe Addon for Elementor Affected: 0 , ≤ 1.5.8 (semver)
    Create a notification for this product.
    paretodigital Send Users Email – Email Subscribers, Email Marketing Newsletter Affected: 0 , ≤ 1.5.10 (semver)
    Create a notification for this product.
    unitecms Unlimited Elements For Elementor Affected: 0 , ≤ 1.5.140 (semver)
    Create a notification for this product.
    meowcrew Role Based Pricing for Woo by Meow Crew Affected: 0 , ≤ 1.6.0 (semver)
    Create a notification for this product.
    nicheaddons Primary Addon for Elementor Affected: 0 , ≤ 1.6.0 (semver)
    Create a notification for this product.
    5starplugins Featured Images in RSS for Mailchimp & More Affected: 0 , ≤ 1.6.3 (semver)
    Create a notification for this product.
    wpsaad Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI Affected: 0 , ≤ 1.6.3 (semver)
    Create a notification for this product.
    kofimokome Message Filter for Contact Form 7 Affected: 0 , ≤ 1.6.3.2 (semver)
    Create a notification for this product.
    paretodigital Embedder for Google Reviews Affected: 0 , ≤ 1.6.6 (semver)
    Create a notification for this product.
    interactivegeomaps MapGeo – Interactive Geo Maps Affected: 0 , ≤ 1.6.22 (semver)
    Create a notification for this product.
    wpbits WPBITS Addons For Elementor Page Builder Affected: 0 , ≤ 1.7 (semver)
    Create a notification for this product.
    toddhalfpenny Widgets on Pages Affected: 0 , ≤ 1.7 (semver)
    Create a notification for this product.
    rebelcode Spotlight Social Feeds – Block, Shortcode, and Widget Affected: 0 , ≤ 1.7.0 (semver)
    Create a notification for this product.
    tobias_conrad WOW Styler for CF7 – Visual Styler for Contact Form 7 Forms Affected: 0 , ≤ 1.7.0 (semver)
    Create a notification for this product.
    webfactory AI Bud – AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o Affected: 0 , ≤ 1.7.2 (semver)
    Create a notification for this product.
    hasanazizul Text To Speech TTS Accessibility Affected: 0 , ≤ 1.7.34 (semver)
    Create a notification for this product.
    5starplugins Easy Age Verify Affected: 0 , ≤ 1.8.5 (semver)
    Create a notification for this product.
    senols AI Puffer – Chat. Create. Automate. (formerly AI Power) Affected: 0 , ≤ 1.8.99 (semver)
    Create a notification for this product.
    damian-gora Justified Gallery Affected: 0 , ≤ 1.9.0 (semver)
    Create a notification for this product.
    mapster Mapster WP Maps Affected: 0 , ≤ 1.9.0 (semver)
    Create a notification for this product.
    streamweasels StreamWeasels Twitch Integration Affected: 0 , ≤ 1.9.2 (semver)
    Create a notification for this product.
    xplodedthemes XT Variation Swatches for WooCommerce Affected: 0 , ≤ 1.9.4 (semver)
    Create a notification for this product.
    bplugins bBlocks – Essential Gutenberg Blocks & Patterns Collection Affected: 0 , ≤ 1.9.8 (semver)
    Create a notification for this product.
    kaizencoders URL Shortify – Simple and Easy URL Shortener Affected: 0 , ≤ 1.10.4 (semver)
    Create a notification for this product.
    uriahs-victor Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce Affected: 0 , ≤ 1.10.6 (semver)
    Create a notification for this product.
    cyberhobo Geo Mashup Affected: 0 , ≤ 1.13.15 (semver)
    Create a notification for this product.
    josevega Disable Payment Methods based on cart conditions for WooCommerce Affected: 0 , ≤ 1.16.3 (semver)
    Create a notification for this product.
    pagup Automatic Internal Links for SEO by Pagup Affected: 0 , ≤ 2.0.0 (semver)
    Create a notification for this product.
    enweby Full Screen Background Affected: 0 , ≤ 2.0.2 (semver)
    Create a notification for this product.
    litonice13 Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits Affected: 0 , ≤ 2.0.7.2 (semver)
    Create a notification for this product.
    princeahmed Radio Player – Live Shoutcast, Icecast and Any Audio Stream Player Affected: 0 , ≤ 2.0.82 (semver)
    Create a notification for this product.
    spicethemes Carousel, Recent Post Slider and Banner Slider Affected: 0 , ≤ 2.1 (semver)
    Create a notification for this product.
    pagup Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) Affected: 0 , ≤ 2.1.0 (semver)
    Create a notification for this product.
    xplodedthemes XT Quick View for WooCommerce Affected: 0 , ≤ 2.1.5 (semver)
    Create a notification for this product.
    pluginscafe Smart phone field for Gravity Forms Affected: 0 , ≤ 2.1.6 (semver)
    Create a notification for this product.
    fooplugins Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar Affected: 0 , ≤ 2.1.34 (semver)
    Create a notification for this product.
    bplugins PDF Poster – Display PDF Files with Custom Viewer Affected: 0 , ≤ 2.2.0 (semver)
    Create a notification for this product.
    nicheaddons Events Addon for Elementor Affected: 0 , ≤ 2.2.2 (semver)
    Create a notification for this product.
    bplugins HTML5 Audio Player – The Ultimate No-Code Podcast, MP3 & Audio Player Affected: 0 , ≤ 2.2.27 (semver)
    Create a notification for this product.
    mte90 Glossary Affected: 0 , ≤ 2.2.38 (semver)
    Create a notification for this product.
    tickera Restrict – membership, site, content and user access restrictions for WordPress Affected: 0 , ≤ 2.3.0 (semver)
    Create a notification for this product.
    cyclonecode Custom PHP Settings Affected: 0 , ≤ 2.3.1 (semver)
    Create a notification for this product.
    prasadkirpekar WP Meta and Date Remover Affected: 0 , ≤ 2.3.4 (semver)
    Create a notification for this product.
    fullworks Anti-Spam Protection – No API Key, GDPR Friendly Affected: 0 , ≤ 2.3.7 (semver)
    Create a notification for this product.
    premmerce Premmerce Permalink Manager for WooCommerce Affected: 0 , ≤ 2.3.11 (semver)
    Create a notification for this product.
    smartwpress Music Player for Elementor – Audio Player & Podcast Player Affected: 0 , ≤ 2.4.1 (semver)
    Create a notification for this product.
    mhmrajib TopNewsWp – Display Tikcer News, RSS Feed Widget and Many More Affected: 0 , ≤ 2.4.1 (semver)
    Create a notification for this product.
    oceanwp Ocean Extra Affected: 0 , ≤ 2.4.2 (semver)
    Create a notification for this product.
    fooplugins Gallery by FooGallery Affected: 0 , ≤ 2.4.27 (semver)
    Create a notification for this product.
    plugins360 Automatic YouTube Gallery Affected: 0 , ≤ 2.5.5 (semver)
    Create a notification for this product.
    spiderdevs EazyDocs – AI Powered Knowledge Base, Wiki, Documentation & FAQ Builder Affected: 0 , ≤ 2.5.7 (semver)
    Create a notification for this product.
    samdani Team Members – A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More Affected: 0 , ≤ 2.5.8 (semver)
    Create a notification for this product.
    tonyzeoli Radio Station by netmix® – Manage and play your Show Schedule in WordPress! Affected: 0 , ≤ 2.5.9 (semver)
    Create a notification for this product.
    kaira StoreCustomizer – A plugin to Customize all WooCommerce Pages Affected: 0 , ≤ 2.5.9 (semver)
    Create a notification for this product.
    wpjoli Joli Table Of Contents Affected: 0 , ≤ 2.6.0 (semver)
    Create a notification for this product.
    passionatebrains GA4WP – Analytics Dashboard for the Website Affected: 0 , ≤ 2.6.0 (semver)
    Create a notification for this product.
    nitin247 Place Order Without Payment for WooCommerce Affected: 0 , ≤ 2.6.5 (semver)
    Create a notification for this product.
    wordplus Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages Affected: 0 , ≤ 2.6.7 (semver)
    Create a notification for this product.
    mihail-barinov Share This Image Affected: 0 , ≤ 2.07 (semver)
    Create a notification for this product.
    inavii Inavii Social Feed Affected: 0 , ≤ 2.7.0 (semver)
    Create a notification for this product.
    fooplugins Lightbox & Modal Popup WordPress Plugin – FooBox Affected: 0 , ≤ 2.7.33 (semver)
    Create a notification for this product.
    xplodedthemes XT Floating Cart for WooCommerce Affected: 0 , ≤ 2.8.4 (semver)
    Create a notification for this product.
    takanakui WP Mobile Menu – The Mobile-Friendly Responsive Menu Affected: 0 , ≤ 2.8.6 (semver)
    Create a notification for this product.
    passionatebrains AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading & Image Optimization Affected: 0 , ≤ 2.9.2 (semver)
    Create a notification for this product.
    bensibley Independent Analytics Affected: 0 , ≤ 2.9.7 (semver)
    Create a notification for this product.
    codesavory Knowledge Base documentation & wiki plugin – BasePress Docs Affected: 0 , ≤ 2.16.3.3 (semver)
    Create a notification for this product.
    davidanderson Internal Link Juicer: SEO Auto Linker for WordPress Affected: 0 , ≤ 2.24.6 (semver)
    Create a notification for this product.
    josevega Bulk Edit Posts and Products in Spreadsheet Affected: 0 , ≤ 2.25.16 (semver)
    Create a notification for this product.
    saadiqbal Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App Affected: 0 , ≤ 3.0.0 (semver)
    Create a notification for this product.
    tobiasbg TablePress – Tables in WordPress made easy Affected: 0 , ≤ 3.0.2 (semver)
    Create a notification for this product.
    bouncingsprout Ultimeter Affected: 0 , ≤ 3.0.5 (semver)
    Create a notification for this product.
    blackandwhitedigital TreePress – Easy Family Trees & Ancestor Profiles Affected: 0 , ≤ 3.0.6 (semver)
    Create a notification for this product.
    mattpramschufer Pay For Post with WooCommerce Affected: 0 , ≤ 3.1.26 (semver)
    Create a notification for this product.
    koen12344 Post to Google My Business (Google Business Profile) Affected: 0 , ≤ 3.1.28 (semver)
    Create a notification for this product.
    imtiazrayhan WP Coupons and Deals – Coupon Plugin For Affiliate Marketers Affected: 0 , ≤ 3.2.2 (semver)
    Create a notification for this product.
    pluginsware Advanced Classifieds & Directory Pro Affected: 0 , ≤ 3.2.4 (semver)
    Create a notification for this product.
    gallerycreator Mixed Media Gallery Blocks Affected: 0 , ≤ 3.2.4.4 (semver)
    Create a notification for this product.
    blockspare BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor Affected: 0 , ≤ 3.2.6 (semver)
    Create a notification for this product.
    mhmrajib AidWP – Donation & Payment Forms (Stripe Powered) Affected: 0 , ≤ 3.2.6 (semver)
    Create a notification for this product.
    infornweb Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid Affected: 0 , ≤ 3.2.7 (semver)
    Create a notification for this product.
    pluginandplay Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider Affected: 0 , ≤ 3.2.7 (semver)
    Create a notification for this product.
    samdani Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews Affected: 0 , ≤ 3.2.8 (semver)
    Create a notification for this product.
    wpspeedo Team Members Showcase Affected: 0 , ≤ 3.3.0 (semver)
    Create a notification for this product.
    elespare EleSpare – News, Magazine and Blog Addons for Elementor Affected: 0 , ≤ 3.3.2 (semver)
    Create a notification for this product.
    infornweb Post List Designer – Category Post, Recent Post, Post List Affected: 0 , ≤ 3.3.7 (semver)
    Create a notification for this product.
    infornweb Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News Affected: 0 , ≤ 3.4.9 (semver)
    Create a notification for this product.
    dashlabsltd YASR – Yet Another Star Rating Plugin for WordPress Affected: 0 , ≤ 3.4.12 (semver)
    Create a notification for this product.
    xplodedthemes WPIDE – File Manager & Code Editor Affected: 0 , ≤ 3.5.1 (semver)
    Create a notification for this product.
    premmerce Premmerce Product Filter for WooCommerce Affected: 0 , ≤ 3.7.3 (semver)
    Create a notification for this product.
    afthemes WP Post Author – Author Box, Multiple Authors, Guest Authors & Custom Avatars Affected: 0 , ≤ 3.8.3 (semver)
    Create a notification for this product.
    wpmagics Delete Posts automatically Affected: 0 , ≤ 3.9.6 (semver)
    Create a notification for this product.
    takanakui Menu Image, Icons made easy Affected: 0 , ≤ 3.12 (semver)
    Create a notification for this product.
    passionatebrains AWCA – The Great Analytics Insights for Your eStore Affected: 0 , ≤ 3.12.0 (semver)
    Create a notification for this product.
    mikewire_rocksolid Announcement & Notification Banner – Bulletin Affected: 0 , ≤ 3.12.1 (semver)
    Create a notification for this product.
    nitin247 Thank You Page for WooCommerce Affected: 0 , ≤ 4.2.0 (semver)
    Create a notification for this product.
    webheadllc Contact Form 7 Multi-Step Forms Affected: 0 , ≤ 4.4.1 (semver)
    Create a notification for this product.
    speedify Auto-Install Free SSL – Generate & Install Free SSL Certificates Affected: 0 , ≤ 4.5.0 (semver)
    Create a notification for this product.
    mhmrajib WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes Affected: 0 , ≤ 4.6.8 (semver)
    Create a notification for this product.
    webba-agency Easy Appointment Booking & Scheduling System – Webba Booking Calendar Affected: 0 , ≤ 5.0.57 (semver)
    Create a notification for this product.
    invisnet WP fail2ban – Advanced Security Affected: 0 , ≤ 5.3.4 (semver)
    Create a notification for this product.
    vinod-dalvi Ivory Search – WordPress Search Plugin Affected: 0 , ≤ 5.5.8 (semver)
    Create a notification for this product.
    peterschulznl WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards Affected: 0 , ≤ 5.5.31 (semver)
    Create a notification for this product.
    elliotvs Coupon Affiliates – Affiliate Plugin for WooCommerce Affected: 0 , ≤ 5.17.2 (semver)
    Create a notification for this product.
    cleverplugins Security Ninja – WordPress Security & Firewall Affected: 0 , ≤ 5.222 (semver)
    Create a notification for this product.
    theafricanboss Checkout with Cash App on WooCommerce Affected: 0 , ≤ 6.0.2 (semver)
    Create a notification for this product.
    fullworks Display Eventbrite Events Affected: 0 , ≤ 6.1.10 (semver)
    Create a notification for this product.
    mohsinoffline Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins Affected: 0 , ≤ 6.1.13 (semver)
    Create a notification for this product.
    sjaved Easy Social Feed – Social Photos Gallery and Post Feed for WordPress Affected: 0 , ≤ 6.6.5 (semver)
    Create a notification for this product.
    gn_themes WP Shortcodes Plugin — Shortcodes Ultimate Affected: 0 , ≤ 7.3.3 (semver)
    Create a notification for this product.
    gowebsmarty WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL Scan Affected: 0 , ≤ 7.7.0 (semver)
    Create a notification for this product.
    tripetto WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto Affected: 0 , ≤ 8.0.7 (semver)
    Create a notification for this product.
    Credits
    Asaf Mozes
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13362",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-01T13:23:14.835839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-01T13:23:26.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Go Fetch Jobs (for WP Job Manager)",
              "vendor": "sebet",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.4.8.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dynamic Copyright Year",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Code Manager",
              "vendor": "peterschulznl",
              "versions": [
                {
                  "lessThanOrEqual": "1.0.40",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Advanced Scrollbar \u2013 Custom Scrollbar Styling and Behavior",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Goal Tracker \u2013 Custom Event Tracking for GA4",
              "vendor": "yuvalo",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Tablesome Table \u2013 Contact Form DB \u2013 WPForms, CF7, Gravity, Forminator, Fluent",
              "vendor": "essekia",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Page Templates",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Payment Gateway for ACBA BANK",
              "vendor": "hkdigitalagency",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Dracula Dark Mode \u2013  Accessibility, Reading Mode \u0026 Dark Mode for WordPress",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Forumax \u2013 AI Powered Advanced Community Forum Plugin",
              "vendor": "spiderdevs",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Five-Star Ratings Shortcode",
              "vendor": "seezee",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.56",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Product Layouts for WooCommerce",
              "vendor": "oxilab",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Meta Field Block \u2013 Display custom fields in the Block Editor without coding",
              "vendor": "mr2p",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Custom WooCommerce Checkout Fields Editor",
              "vendor": "themelocation",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Open User Map",
              "vendor": "100plugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Notification Bell",
              "vendor": "wpdever",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remove Add to Cart WooCommerce",
              "vendor": "themelocation",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "File Manager for Google Drive \u2013 Integrate Google Drive",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Marijuana Age Verify",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "RevivePress \u2013 Keep your Old Content Evergreen",
              "vendor": "infosatech",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Restaurant \u0026 Cafe Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Send Users Email \u2013 Email Subscribers, Email Marketing Newsletter",
              "vendor": "paretodigital",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Unlimited Elements For Elementor",
              "vendor": "unitecms",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.140",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Role Based Pricing for Woo by Meow Crew",
              "vendor": "meowcrew",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Primary Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Featured Images in RSS for Mailchimp \u0026 More",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Image Alt Text Manager \u2013 Bulk \u0026 Dynamic Alt Tags For image SEO Optimization + AI",
              "vendor": "wpsaad",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Message Filter for Contact Form 7",
              "vendor": "kofimokome",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Embedder for Google Reviews",
              "vendor": "paretodigital",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MapGeo \u2013 Interactive Geo Maps",
              "vendor": "interactivegeomaps",
              "versions": [
                {
                  "lessThanOrEqual": "1.6.22",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WPBITS Addons For Elementor Page Builder",
              "vendor": "wpbits",
              "versions": [
                {
                  "lessThanOrEqual": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Widgets on Pages",
              "vendor": "toddhalfpenny",
              "versions": [
                {
                  "lessThanOrEqual": "1.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Spotlight Social Feeds \u2013 Block, Shortcode, and Widget",
              "vendor": "rebelcode",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WOW Styler for CF7 \u2013 Visual Styler for Contact Form 7 Forms",
              "vendor": "tobias_conrad",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AI Bud \u2013 AI Content Generator, AI Chatbot, ChatGPT, Gemini, GPT-4o",
              "vendor": "webfactory",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Text To Speech TTS Accessibility",
              "vendor": "hasanazizul",
              "versions": [
                {
                  "lessThanOrEqual": "1.7.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Age Verify",
              "vendor": "5starplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AI Puffer \u2013 Chat. Create. Automate. (formerly AI Power)",
              "vendor": "senols",
              "versions": [
                {
                  "lessThanOrEqual": "1.8.99",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Justified Gallery",
              "vendor": "damian-gora",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mapster WP Maps",
              "vendor": "mapster",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "StreamWeasels Twitch Integration",
              "vendor": "streamweasels",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Variation Swatches for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "bBlocks \u2013 Essential Gutenberg Blocks \u0026 Patterns Collection",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "1.9.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "URL Shortify \u2013 Simple and Easy URL Shortener",
              "vendor": "kaizencoders",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Kikote \u2013 Location Picker at Checkout \u0026 Google Address AutoFill Plugin for WooCommerce",
              "vendor": "uriahs-victor",
              "versions": [
                {
                  "lessThanOrEqual": "1.10.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Geo Mashup",
              "vendor": "cyberhobo",
              "versions": [
                {
                  "lessThanOrEqual": "1.13.15",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Disable Payment Methods based on cart conditions for WooCommerce",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "1.16.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Automatic Internal Links for SEO by Pagup",
              "vendor": "pagup",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Full Screen Background",
              "vendor": "enweby",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Master Addons For Elementor \u2013 Widgets, Extensions, Theme Builder, Popup Builder \u0026 Template Kits",
              "vendor": "litonice13",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.7.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Player \u2013 Live Shoutcast, Icecast and Any Audio Stream Player",
              "vendor": "princeahmed",
              "versions": [
                {
                  "lessThanOrEqual": "2.0.82",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Carousel, Recent Post Slider and Banner Slider",
              "vendor": "spicethemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO)",
              "vendor": "pagup",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Quick View for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Smart phone field for Gravity Forms",
              "vendor": "pluginscafe",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Notification Bar, Announcement and Cookie Notice WordPress Plugin \u2013 FooBar",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.34",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "PDF Poster \u2013 Display PDF Files with Custom Viewer",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Events Addon for Elementor",
              "vendor": "nicheaddons",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "HTML5 Audio Player \u2013 The Ultimate No-Code Podcast, MP3 \u0026 Audio Player",
              "vendor": "bplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.27",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Glossary",
              "vendor": "mte90",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.38",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Restrict \u2013 membership, site, content and user access restrictions for WordPress",
              "vendor": "tickera",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Custom PHP Settings",
              "vendor": "cyclonecode",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Meta and Date Remover",
              "vendor": "prasadkirpekar",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Anti-Spam Protection \u2013 No API Key, GDPR Friendly",
              "vendor": "fullworks",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Permalink Manager for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.11",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Music Player for Elementor \u2013 Audio Player \u0026 Podcast Player",
              "vendor": "smartwpress",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TopNewsWp \u2013 Display Tikcer News, RSS Feed Widget and Many More",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ocean Extra",
              "vendor": "oceanwp",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Gallery by FooGallery",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.4.27",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Automatic YouTube Gallery",
              "vendor": "plugins360",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EazyDocs \u2013 AI Powered Knowledge Base, Wiki, Documentation \u0026 FAQ Builder",
              "vendor": "spiderdevs",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Team Members \u2013 A WordPress Team Plugin with Gallery, Grid, Carousel, Slider, Table, List, and More",
              "vendor": "samdani",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Radio Station by netmix\u00ae \u2013 Manage and play your Show Schedule in WordPress!",
              "vendor": "tonyzeoli",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "StoreCustomizer \u2013 A plugin to Customize all WooCommerce Pages",
              "vendor": "kaira",
              "versions": [
                {
                  "lessThanOrEqual": "2.5.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Joli Table Of Contents",
              "vendor": "wpjoli",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GA4WP \u2013 Analytics Dashboard for the Website",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Place Order Without Payment for WooCommerce",
              "vendor": "nitin247",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Better Messages \u2013 Live Chat, Chat Rooms, Real-Time Messaging \u0026 Private Messages",
              "vendor": "wordplus",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Share This Image",
              "vendor": "mihail-barinov",
              "versions": [
                {
                  "lessThanOrEqual": "2.07",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Inavii Social Feed",
              "vendor": "inavii",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Lightbox \u0026 Modal Popup WordPress Plugin \u2013 FooBox",
              "vendor": "fooplugins",
              "versions": [
                {
                  "lessThanOrEqual": "2.7.33",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "XT Floating Cart for WooCommerce",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu",
              "vendor": "takanakui",
              "versions": [
                {
                  "lessThanOrEqual": "2.8.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AEH Speed Optimization: Browser Cache, Optimized Minify, Lazy Loading \u0026 Image Optimization",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Independent Analytics",
              "vendor": "bensibley",
              "versions": [
                {
                  "lessThanOrEqual": "2.9.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Knowledge Base documentation \u0026 wiki plugin \u2013 BasePress Docs",
              "vendor": "codesavory",
              "versions": [
                {
                  "lessThanOrEqual": "2.16.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Internal Link Juicer: SEO Auto Linker for WordPress",
              "vendor": "davidanderson",
              "versions": [
                {
                  "lessThanOrEqual": "2.24.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Bulk Edit Posts and Products in Spreadsheet",
              "vendor": "josevega",
              "versions": [
                {
                  "lessThanOrEqual": "2.25.16",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post SMTP \u2013 Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP \u0026 Mobile App",
              "vendor": "saadiqbal",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TablePress \u2013 Tables in WordPress made easy",
              "vendor": "tobiasbg",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ultimeter",
              "vendor": "bouncingsprout",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "TreePress \u2013 Easy Family Trees \u0026 Ancestor Profiles",
              "vendor": "blackandwhitedigital",
              "versions": [
                {
                  "lessThanOrEqual": "3.0.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Pay For Post with WooCommerce",
              "vendor": "mattpramschufer",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.26",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post to Google My Business (Google Business Profile)",
              "vendor": "koen12344",
              "versions": [
                {
                  "lessThanOrEqual": "3.1.28",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Coupons and Deals \u2013 Coupon Plugin For Affiliate Marketers",
              "vendor": "imtiazrayhan",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Advanced Classifieds \u0026 Directory Pro",
              "vendor": "pluginsware",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Mixed Media Gallery Blocks",
              "vendor": "gallerycreator",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.4.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "BlockSpare \u2014 News, Magazine and Blog Addons for (Gutenberg) Block Editor",
              "vendor": "blockspare",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AidWP \u2013 Donation \u0026 Payment Forms (Stripe Powered)",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Logo Showcase \u2013 Responsive Logo Carousel, Logo Slider \u0026 Logo Grid",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post Slider and Post Carousel with Post Vertical Scrolling Widget \u2013 A Responsive Post Slider",
              "vendor": "pluginandplay",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Solid Testimonials \u2013 Testimonial Slider, Video Testimonials \u0026 Customer Reviews",
              "vendor": "samdani",
              "versions": [
                {
                  "lessThanOrEqual": "3.2.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Team Members Showcase",
              "vendor": "wpspeedo",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "EleSpare \u2013 News, Magazine and Blog Addons for Elementor",
              "vendor": "elespare",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Post List Designer \u2013 Category Post, Recent Post, Post List",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.3.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Blog Designer Pack \u2013 Blog, Post Grid, Post Slider, Post Carousel, Category Post, News",
              "vendor": "infornweb",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "YASR \u2013 Yet Another Star Rating Plugin for WordPress",
              "vendor": "dashlabsltd",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WPIDE \u2013 File Manager \u0026 Code Editor",
              "vendor": "xplodedthemes",
              "versions": [
                {
                  "lessThanOrEqual": "3.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Product Filter for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "3.7.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Post Author \u2013 Author Box, Multiple Authors, Guest Authors \u0026 Custom Avatars",
              "vendor": "afthemes",
              "versions": [
                {
                  "lessThanOrEqual": "3.8.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Delete Posts automatically",
              "vendor": "wpmagics",
              "versions": [
                {
                  "lessThanOrEqual": "3.9.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Menu Image, Icons made easy",
              "vendor": "takanakui",
              "versions": [
                {
                  "lessThanOrEqual": "3.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "AWCA \u2013 The Great Analytics Insights for Your eStore",
              "vendor": "passionatebrains",
              "versions": [
                {
                  "lessThanOrEqual": "3.12.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Announcement \u0026 Notification Banner \u2013 Bulletin",
              "vendor": "mikewire_rocksolid",
              "versions": [
                {
                  "lessThanOrEqual": "3.12.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Thank You Page for WooCommerce",
              "vendor": "nitin247",
              "versions": [
                {
                  "lessThanOrEqual": "4.2.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Contact Form 7 Multi-Step Forms",
              "vendor": "webheadllc",
              "versions": [
                {
                  "lessThanOrEqual": "4.4.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Auto-Install Free SSL \u2013 Generate \u0026 Install Free SSL Certificates",
              "vendor": "speedify",
              "versions": [
                {
                  "lessThanOrEqual": "4.5.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Books Gallery \u2013 Build Stunning Book Showcases \u0026 Libraries in Minutes",
              "vendor": "mhmrajib",
              "versions": [
                {
                  "lessThanOrEqual": "4.6.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Appointment Booking \u0026 Scheduling System \u2013 Webba Booking Calendar",
              "vendor": "webba-agency",
              "versions": [
                {
                  "lessThanOrEqual": "5.0.57",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP fail2ban \u2013 Advanced Security",
              "vendor": "invisnet",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Ivory Search \u2013 WordPress Search Plugin",
              "vendor": "vinod-dalvi",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Data Access \u2013 App Builder for Tables, Forms, Charts, Maps \u0026 Dashboards",
              "vendor": "peterschulznl",
              "versions": [
                {
                  "lessThanOrEqual": "5.5.31",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Coupon Affiliates \u2013 Affiliate Plugin for WooCommerce",
              "vendor": "elliotvs",
              "versions": [
                {
                  "lessThanOrEqual": "5.17.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Security Ninja \u2013 WordPress Security \u0026 Firewall",
              "vendor": "cleverplugins",
              "versions": [
                {
                  "lessThanOrEqual": "5.222",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Checkout with Cash App on WooCommerce",
              "vendor": "theafricanboss",
              "versions": [
                {
                  "lessThanOrEqual": "6.0.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Display Eventbrite Events",
              "vendor": "fullworks",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Secure Gateway for Authorize.net and WooCommerce by Pledged Plugins",
              "vendor": "mohsinoffline",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Easy Social Feed \u2013 Social Photos Gallery and Post Feed for WordPress",
              "vendor": "sjaved",
              "versions": [
                {
                  "lessThanOrEqual": "6.6.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Shortcodes Plugin \u2014 Shortcodes Ultimate",
              "vendor": "gn_themes",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WP Encryption \u2013 One Click Free SSL Certificate \u0026 SSL / HTTPS Redirect, Security \u0026 SSL Scan",
              "vendor": "gowebsmarty",
              "versions": [
                {
                  "lessThanOrEqual": "7.7.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WordPress form builder plugin for contact forms, surveys and quizzes \u2013 Tripetto",
              "vendor": "tripetto",
              "versions": [
                {
                  "lessThanOrEqual": "8.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Asaf Mozes"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple plugins and/or themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the url parameter in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-01T05:29:54.148Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d694491c-c0f5-4418-805a-db792ea4f712?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/tablepress/trunk/libraries/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/widgets-on-pages/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/menu-image/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/simply-gallery-block/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/foobox-image-lightbox/tags/2.7.33/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/featured-images-for-rss-feeds/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wpide/tags/3.5.0/dist/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/add-search-to-menu/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/master-addons/trunk/lib/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/foogallery/tags/2.4.27/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/internal-links/trunk/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/interactive-geo-maps/tags/1.6.21/vendor/freemius/wordpress-sdk/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/independent-analytics/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/spotlight-social-photo-feeds/trunk/ui/freemius-pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-permalink-manager/tags/2.3.11/assets/admin/js/pricing-page/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/pdf-poster/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/wp-meta-and-date-remover/tags/2.3.4/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/provider/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/freemius/assets/js/pricing/freemius-pricing.js"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3235286/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3249130/"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3229060/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-04-30T17:32:32.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-04-30T17:17:30.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Freemius \u003c= 2.10.1 - Reflected DOM-Based Cross-Site Scripting via url Parameter"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13362",
        "datePublished": "2026-05-01T05:29:54.148Z",
        "dateReserved": "2025-01-13T18:08:47.439Z",
        "dateUpdated": "2026-05-01T13:23:26.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-32541 (GCVE-0-2026-32541)

    Vulnerability from cvelistv5 – Published: 2026-03-25 16:15 – Updated: 2026-04-29 09:52
    VLAI
    Title
    WordPress Premmerce Redirect Manager plugin <= 1.0.12 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Redirect Manager Affected: n/a , ≤ <= 1.0.12 (custom)
    Create a notification for this product.
    Date Public
    2026-03-25 17:12
    Credits
    Que Thanh Tuan | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-32541",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-26T13:13:58.190442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-26T13:15:12.437Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-redirect-manager",
              "product": "Premmerce Redirect Manager",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.0.13",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "\u003c= 1.0.12",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Que Thanh Tuan | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-03-25T17:12:43.510Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Premmerce Redirect Manager: from n/a through \u003c= 1.0.12.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through \u003c= 1.0.12."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T09:52:01.501Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-redirect-manager/vulnerability/wordpress-premmerce-redirect-manager-plugin-1-0-12-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Redirect Manager plugin \u003c= 1.0.12 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2026-32541",
        "datePublished": "2026-03-25T16:15:11.437Z",
        "dateReserved": "2026-03-12T11:12:34.193Z",
        "dateUpdated": "2026-04-29T09:52:01.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0555 (GCVE-0-2026-0555)

    Vulnerability from cvelistv5 – Published: 2026-02-07 08:26 – Updated: 2026-04-08 17:06
    VLAI
    Title
    Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint
    Summary
    The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page).
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Affected: 0 , ≤ 1.3.20 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0555",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-11T15:37:24.102754Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-11T15:46:04.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.20",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u0027premmerce_wizard_actions\u0027 AJAX endpoint in all versions up to, and including, 1.3.20. This is due to missing capability checks and insufficient input sanitization and output escaping on the `state` parameter. This makes it possible for authenticated attackers, with subscriber level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page (the Premmerce Wizard admin page)."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:06:48.770Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90b2a644-19a0-43a1-8ff6-7486d7ef29b3?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/Admin.php?marks=41#L41"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Admin/Handlers/WizardHandler.php?marks=42,50,52#L42"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/src/Api/WizardApi.php?marks=38#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce/tags/1.3.20/views/admin/tabs/wizard.php?marks=30#L30"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3464825/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-24T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2026-02-06T20:25:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce \u003c= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via \u0027premmerce_wizard_actions\u0027 AJAX Endpoint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0555",
        "datePublished": "2026-02-07T08:26:38.893Z",
        "dateReserved": "2026-01-01T20:56:47.477Z",
        "dateUpdated": "2026-04-08T17:06:48.770Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13369 (GCVE-0-2025-13369)

    Vulnerability from cvelistv5 – Published: 2026-01-07 07:17 – Updated: 2026-04-08 17:10
    VLAI
    Title
    Premmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site Scripting
    Summary
    The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'money_spent_from', 'money_spent_to', 'registered_from', and 'registered_to' parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Credits
    Athiwat Tiprasaharn Itthidej Aramsri
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13369",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-07T14:50:12.714992Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-07T16:13:15.887Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce WooCommerce Customers Manager",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.14",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Itthidej Aramsri"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce WooCommerce Customers Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027money_spent_from\u0027, \u0027money_spent_to\u0027, \u0027registered_from\u0027, and \u0027registered_to\u0027 parameters in all versions up to, and including, 1.1.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:10:54.953Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9980ec20-60ae-42eb-a2cd-146e57435398?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/src/Admin/Admin.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/src/Admin/Admin.php#L135"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/trunk/views/admin/filter.php#L43"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/woo-customers-manager/tags/1.1.14/views/admin/filter.php#L43"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465273/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-01-06T18:36:11.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce WooCommerce Customers Manager \u003c= 1.1.14 - Reflected Cross-Site Scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13369",
        "datePublished": "2026-01-07T07:17:33.843Z",
        "dateReserved": "2025-11-18T18:03:13.649Z",
        "dateUpdated": "2026-04-08T17:10:54.953Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13440 (GCVE-0-2025-13440)

    Vulnerability from cvelistv5 – Published: 2025-12-12 03:20 – Updated: 2026-04-08 17:09
    VLAI
    Title
    Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion
    Summary
    The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Wishlist for WooCommerce Affected: 0 , ≤ 1.1.10 (semver)
    Create a notification for this product.
    Credits
    Abhirup Konwar
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13440",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-12T20:11:44.023221Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T18:13:29.413Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abhirup Konwar"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Wishlist for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.1.10. This is due to a missing capability check on the deleteWishlist() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary wishlists."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:09:37.959Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9347900c-61c2-4d63-885e-e971c646b737?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/trunk/src/Admin/Admin.php#L334"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wishlist/tags/1.1.10/src/Admin/Admin.php#L334"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426971/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-11T15:05:19.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Wishlist for WooCommerce \u003c= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-13440",
        "datePublished": "2025-12-12T03:20:50.767Z",
        "dateReserved": "2025-11-19T19:06:21.133Z",
        "dateUpdated": "2026-04-08T17:09:37.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12783 (GCVE-0-2025-12783)

    Vulnerability from cvelistv5 – Published: 2025-12-12 03:20 – Updated: 2026-04-08 16:57
    VLAI
    Title
    Premmerce Brands for WooCommerce <= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update
    Summary
    The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    premmerce Premmerce Brands for WooCommerce Affected: 0 , ≤ 1.2.13 (semver)
    Create a notification for this product.
    Credits
    Athiwat Tiprasaharn Powpy
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12783",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-15T17:49:59.867919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-15T18:15:15.459Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Brands for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Athiwat Tiprasaharn"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Powpy"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Brands for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveBrandsSettings function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify brand permalink settings."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:57:47.844Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6560ba0b-2190-4d30-b0c4-f07d524ccfde?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-brands/tags/1.2.13/src/Admin/Admin.php#L101"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465319/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-28T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-12-11T14:30:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Brands for WooCommerce \u003c= 1.2.13 - Missing Authorization To Authenticated (Subscriber+) Brand Permalink Settings Update"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12783",
        "datePublished": "2025-12-12T03:20:47.249Z",
        "dateReserved": "2025-11-05T22:32:16.722Z",
        "dateUpdated": "2026-04-08T16:57:47.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-12411 (GCVE-0-2025-12411)

    Vulnerability from cvelistv5 – Published: 2025-11-18 08:27 – Updated: 2026-04-08 16:40
    VLAI
    Title
    Premmerce Wholesale Pricing for WooCommerce <= 1.1.10 - Authenticated (Subscriber+) SQL Injection
    Summary
    The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'ID' parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php "premmerce_update_price_type" action, causing cosmetic corruption of the admin interface. The 'price_type' parameter of the "premmerce_delete_price_type" is also vulnerable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Credits
    Powpy
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-12411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-18T14:25:17.699297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-18T16:35:18.769Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Premmerce Wholesale Pricing for WooCommerce",
              "vendor": "premmerce",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Powpy"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Premmerce Wholesale Pricing for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the \u0027ID\u0027 parameter in versions up to, and including, 1.1.10. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber level access and above, to manipulate SQL queries that can be used to extract sensitive information from the database and modify price type display names in the database via the admin-post.php \"premmerce_update_price_type\" action, causing cosmetic corruption of the admin interface. The \u0027price_type\u0027 parameter of the \"premmerce_delete_price_type\" is also vulnerable."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:40:46.504Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1e4e27e0-bbb0-498a-b425-9e9d60dfed0f?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Models/Model.php#L171"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/premmerce-woocommerce-wholesale-pricing/tags/1.1.10/src/Admin/Admin.php#L83"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3465244/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-17T00:00:00.000Z",
              "value": "Discovered"
            },
            {
              "lang": "en",
              "time": "2025-11-17T20:08:58.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Premmerce Wholesale Pricing for WooCommerce \u003c= 1.1.10 - Authenticated (Subscriber+) SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2025-12411",
        "datePublished": "2025-11-18T08:27:30.246Z",
        "dateReserved": "2025-10-28T15:27:58.347Z",
        "dateUpdated": "2026-04-08T16:40:46.504Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60241 (GCVE-0-2025-60241)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:55 – Updated: 2026-04-28 18:43
    VLAI
    Title
    WordPress Premmerce plugin <= 1.3.19 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through <= 1.3.19.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Affected: 0 , ≤ 1.3.19 (custom)
    Create a notification for this product.
    Date Public
    2026-04-01 16:00
    Credits
    Ryan Novotny | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60241",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-07T14:18:27.153374Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-28T18:43:56.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce",
              "product": "Premmerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.3.20",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.3.19",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ryan Novotny | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:00:26.789Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce: from n/a through \u003c= 1.3.19.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce premmerce allows PHP Local File Inclusion.This issue affects Premmerce: from n/a through \u003c= 1.3.19."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:58.538Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce/vulnerability/wordpress-premmerce-plugin-1-3-19-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce plugin \u003c= 1.3.19 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60241",
        "datePublished": "2025-11-06T15:55:13.362Z",
        "dateReserved": "2025-09-25T15:34:44.964Z",
        "dateUpdated": "2026-04-28T18:43:56.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60194 (GCVE-0-2025-60194)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:04:45.951731Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:04:49.153Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-search",
              "product": "Premmerce Product Search for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "2.2.5",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "2.2.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:54.994Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows PHP Local File Inclusion.This issue affects Premmerce Product Search for WooCommerce: from n/a through \u003c= 2.2.4."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.032Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-search/vulnerability/wordpress-premmerce-product-search-for-woocommerce-plugin-2-2-4-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Product Search for WooCommerce plugin \u003c= 2.2.4 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60194",
        "datePublished": "2025-11-06T15:54:50.878Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60193 (GCVE-0-2025-60193)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce User Roles plugin <= 1.0.13 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through <= 1.0.13.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce User Roles Affected: 0 , ≤ 1.0.13 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:04:56.500263Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:04:59.050Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-user-roles",
              "product": "Premmerce User Roles",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.0.14",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.0.13",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:54.993Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows PHP Local File Inclusion.This issue affects Premmerce User Roles: from n/a through \u003c= 1.0.13."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.088Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-user-roles/vulnerability/wordpress-premmerce-user-roles-plugin-1-0-13-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce User Roles plugin \u003c= 1.0.13 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60193",
        "datePublished": "2025-11-06T15:54:49.770Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.088Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60192 (GCVE-0-2025-60192)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Wholesale Pricing for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60192",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:05:10.108452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:05:12.802Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wholesale-pricing",
              "product": "Premmerce Wholesale Pricing for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:55.868Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows PHP Local File Inclusion.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through \u003c= 1.1.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.079Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wholesale-pricing/vulnerability/wordpress-premmerce-wholesale-pricing-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Wholesale Pricing for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60192",
        "datePublished": "2025-11-06T15:54:49.257Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-60191 (GCVE-0-2025-60191)

    Vulnerability from cvelistv5 – Published: 2025-11-06 15:54 – Updated: 2026-04-28 16:13
    VLAI
    Title
    WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.10 - Local File Inclusion vulnerability
    Summary
    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through <= 1.1.10.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Premmerce Premmerce Wishlist for WooCommerce Affected: 0 , ≤ 1.1.10 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:24
    Credits
    LVT-tholv2k | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-60191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-27T16:05:22.842628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-27T16:05:25.122Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "premmerce-woocommerce-wishlist",
              "product": "Premmerce Wishlist for WooCommerce",
              "vendor": "Premmerce",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "1.1.11",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "1.1.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LVT-tholv2k | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:24:55.220Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.\u003cp\u003eThis issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10.\u003c/p\u003e"
                }
              ],
              "value": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027) vulnerability in Premmerce Premmerce Wishlist for WooCommerce premmerce-woocommerce-wishlist allows PHP Local File Inclusion.This issue affects Premmerce Wishlist for WooCommerce: from n/a through \u003c= 1.1.10."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-252",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "PHP Local File Inclusion"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:13:57.104Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/premmerce-woocommerce-wishlist/vulnerability/wordpress-premmerce-wishlist-for-woocommerce-plugin-1-1-10-local-file-inclusion-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Premmerce Wishlist for WooCommerce plugin \u003c= 1.1.10 - Local File Inclusion vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-60191",
        "datePublished": "2025-11-06T15:54:48.713Z",
        "dateReserved": "2025-09-25T15:28:34.981Z",
        "dateUpdated": "2026-04-28T16:13:57.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }