Vulnerabilities in XootiX
11 resultsCVE-2023-2706HIGHOTP Login Woocommerce & Gravity Forms <= 2.2 - Authentication Bypass to Privilege EscalationEPSS 1.7%CVE-2024-5324HIGHXootiX Framework <= Various Plugin Versions - Missing Authorization to Arbitrary Options UpdateEPSS 1.5%CVE-2022-0215HIGHXootiX Plugins <= Various Versions Cross-Site Request Forgery to Arbitrary Options UpdateEPSS 0.8%CVE-2020-36715HIGHLogin/Signup Popup < 1.5 - Missing AuthorizationEPSS 0.7%CVE-2023-28415MEDIUMWordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2024-5665MEDIUMLogin/Signup Popup ( Inline Form + Woocommerce ) 2.7.1 - 2.7.2 - Missing Authorization to Arbitrary Options ExposureEPSS 0.4%CVE-2024-8724MEDIUMWaitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site ScriptingEPSS 0.4%CVE-2024-43134MEDIUMWordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2022-45376MEDIUMWordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-1064MEDIUMLogin/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action ShortcodeEPSS 0.3%CVE-2025-50027MEDIUMWordPress Login/Signup Popup plugin <= 2.9.4 - Cross Site Scripting (XSS) VulnerabilityEPSS 0.2%