GCVE - cpe:2.3:a:acowebs:product_labels_for_woocommerce_\(sale

Approved changes feed: RSS · Atom

cpe:2.3:a:acowebs:product_labels_for_woocommerce_\(sale_badges\):*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Acowebs (`059c1c2e-0cfa-5908-8b0a-b11cfcd4f8ef`)
Product	Product Labels For Woocommerce (Sale Badges) (`9ecd2ff9-25db-54c4-a640-b209b5be6723`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-24886`	vulnerable	2026-06-03 14:55:06.014726	WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS.This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3. Published: 2024-02-08T10:46:28.400Z Updated: 2026-04-28T16:09:11.778Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12109`	vulnerable	2026-06-03 14:54:15.651807	Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks Published: 2025-03-25T06:00:11.148Z Updated: 2025-03-25T13:20:23.385Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/2eca2f88-c843-4794-8cd9-46f17c92753a/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10638`	vulnerable	2026-06-03 14:54:12.228918	Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks Published: 2025-03-25T06:00:08.951Z Updated: 2025-03-25T13:21:10.641Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/32a7a778-2211-45b4-bdc2-528f27b7d4fe/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Product Labels For Woocommerce (Sale Badges)

PURL mappings

Vulnerability references

Contribute