Product Input Fields For Woocommerce
Approved changes feed: RSS · Atom
cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Tychesoftwares (db686eea-abfb-5961-9b4b-c2e0a3dc6e56) |
|---|---|
| Product | Product Input Fields For Woocommerce (d55b1e25-7c4e-5f2f-ad76-95bd591200b7) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-13359 |
vulnerable | 2026-06-03 14:54:24.356167 |
Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload
HIGH (8.1)
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. Please note that by default the plugin is only vulnerable to a double extension file upload attack, unless an administrators leaves the accepted file extensions field blank which can make .php file uploads possible. Please note 1.12.2 was mistakenly marked as patched while 1.12.1 was marked as vulnerable for a short period of time, this is not the case and 1.12.1 is fully patched.
Published: 2025-03-08T09:22:53.866Z
Updated: 2026-04-08T17:14:12.467Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10857 |
vulnerable | 2026-06-03 14:54:12.754535 |
Product Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File Read
MEDIUM (6.5)
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2024-11-26T06:43:45.413Z
Updated: 2026-04-08T17:29:34.088Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36696 |
vulnerable | 2026-06-03 14:42:39.658384 |
Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization
HIGH (7.5)
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable service.
Published: 2023-06-07T01:51:09.704Z
Updated: 2026-04-08T16:32:38.647Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.