Vulnerabilidades en Villatheme
42 resultadosCVE-2024-8277CRITICALWooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege EscalationEPSS 1.6%CVE-2021-4379MEDIUMWooCommerce Multi Currency <= 2.1.17 - Missing AuthorizationEPSS 0.8%CVE-2022-41623HIGHWordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerabilityEPSS 0.7%CVE-2022-44634MEDIUMWordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerabilityEPSS 0.7%CVE-2024-13487HIGHCURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price FunctionEPSS 0.7%CVE-2022-46796MEDIUMWordPress CURCY plugin <= 2.1.25 - Unauthenticated plugin settings change vulnerabilityEPSS 0.6%CVE-2024-4039MEDIUMOrders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 0.6%CVE-2021-4376MEDIUMWooCommerce Multi Currency <= 2.1.17 - Missing AuthorizationEPSS 0.6%CVE-2025-14509HIGHLucky Wheel for WooCommerce – Spin a Sale <= 1.1.13 - Authenticated (Administrator+) PHP Code Injection via Conditional TagsEPSS 0.5%CVE-2023-50831MEDIUMWordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS)EPSS 0.5%CVE-2026-2019HIGHCart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' SettingEPSS 0.5%CVE-2025-14541HIGHLucky Wheel Giveaway <= 1.0.22 - Authenticated (Administrator+) Remote Code Execution via 'conditional_tags' ParameterEPSS 0.5%CVE-2024-1686MEDIUMThank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data ExportEPSS 0.4%CVE-2025-49372CRITICALWordPress HAPPY plugin <= 1.0.7 - Remote Code Execution (RCE) vulnerabilityEPSS 0.4%CVE-2021-4395MEDIUMAbandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery BypassEPSS 0.4%CVE-2024-13320HIGHCURCY - WooCommerce Multi Currency - Currency Switcher <= 2.3.6 - Unauthenticated SQL InjectionEPSS 0.4%CVE-2024-1687MEDIUMThank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode ExecutionEPSS 0.4%CVE-2024-12861MEDIUMW2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File ReadEPSS 0.3%CVE-2026-27052HIGHWordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerabilityEPSS 0.3%CVE-2023-30482MEDIUMWordPress WPBulky Plugin < 1.0.10 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%