GCVE - cpe:2.3:a:najeebmedia:ppom_for_woocommerce:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:najeebmedia:ppom_for_woocommerce:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Najeebmedia (`d066f5a7-be8a-5e7a-abb2-c55aeccdf95a`)
Product	Ppom For Woocommerce (`16f9386c-9ac7-55f8-99a4-da9625cd3a8c`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-25018`	vulnerable	2026-06-08 05:30:39.809523	PPOM for WooCommerce < 24.0 - Subscriber+ Settings Update to Stored XSS The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issues Published: 2022-02-14T09:20:43.000Z Updated: 2024-08-03T19:49:14.554Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/9e092aad-0b36-45a9-8987-8d904b34fbb2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-14948`	vulnerable	2026-06-08 05:12:56.455786	Details available The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. Published: 2019-08-12T14:57:52.000Z Updated: 2024-08-05T00:34:52.811Z Open on db.gcve.eu Reference links https://wpvulndb.com/vulnerabilities/9502 https://wordpress.org/plugins/woocommerce-product-addon/#developers https://www.pluginvulnerabilities.com/2019/08/08/this-authenticated-persistent-xss-vulnerability-might-be-what-hackers-are-targeting-ppom-for-woocommerce-for/	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.