GCVE - cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:villatheme:woocommerce_thank_you_page_customizer:*:*:*:*:free:wordpress:*:*

part: a version: * update: *

Vendor	Villatheme (`f6e46fcf-f7b5-547b-bdd5-2c693fe77a08`)
Product	Woocommerce Thank You Page Customizer (`02c7f0a1-c779-5657-ae4f-7c63a02e6f49`)
Edition	*
Language	*
Software edition	free
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1687`	vulnerable	2026-06-03 14:54:34.293186	Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution MEDIUM (5.4) The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. Published: 2024-02-27T05:33:11.820Z Updated: 2026-04-08T16:44:59.728Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/310afe02-3a51-4633-b359-65ae58d0c032?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041096%40woo-thank-you-page-customizer&new=3041096%40woo-thank-you-page-customizer&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1686`	vulnerable	2026-06-03 14:54:34.292725	Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export MEDIUM (4.3) The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization e in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII. Published: 2024-02-27T05:33:11.199Z Updated: 2026-04-08T16:44:24.765Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=cve https://plugins.trac.wordpress.org/changeset/3041096/woo-thank-you-page-customizer/trunk/frontend/frontend.php	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Woocommerce Thank You Page Customizer

PURL mappings

Vulnerability references

Contribute