Search Results (43 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11778 2 Villatheme, Wordpress 2 Curcy – Multi Currency For Woocommerce – Smoothly On Woocommerce 9.x, Wordpress 2026-07-06 5.4 Medium
The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
CVE-2026-57664 2 Villatheme, Wordpress 2 Bopo – Woocommerce Product Bundle Builder, Wordpress 2026-06-29 4.3 Medium
Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.
CVE-2026-57324 2 Villatheme, Wordpress 2 Gift4u, Wordpress 2026-06-26 6.5 Medium
Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.
CVE-2026-54809 2 Villatheme, Wordpress 2 Gift4u, Wordpress 2026-06-20 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.
CVE-2026-39593 2 Villatheme, Wordpress 2 Happy, Wordpress 2026-05-21 6.5 Medium
Missing Authorization vulnerability in VillaTheme HAPPY allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HAPPY: from n/a through 1.0.10.
CVE-2022-46796 2 Villatheme, Wordpress 2 Curcy, Wordpress 2026-04-28 6.5 Medium
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25.
CVE-2023-50831 1 Villatheme 1 Curcy 2026-04-28 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY – Multi Currency for WooCommerce allows Stored XSS.This issue affects CURCY – Multi Currency for WooCommerce: from n/a through 2.2.0.
CVE-2023-48778 1 Villatheme 1 Product Size Chart For Woocommerce 2026-04-28 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.This issue affects Product Size Chart For WooCommerce: from n/a through 1.1.5.
CVE-2026-28132 2 Villatheme, Wordpress 2 Woocommerce Photo Reviews, Wordpress 2026-04-28 5.3 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.
CVE-2025-67977 2 Villatheme, Wordpress 2 Happy, Wordpress 2026-04-24 8.2 High
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.8.
CVE-2026-32526 2 Villatheme, Wordpress 2 Abandoned Cart Recovery For Woocommerce, Wordpress 2026-04-24 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Stored XSS.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through <= 1.1.10.
CVE-2025-68556 2 Villatheme, Wordpress 2 Happy, Wordpress 2026-04-23 5.3 Medium
Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a through <= 1.0.9.
CVE-2025-68550 2 Villatheme, Wordpress 2 Wpbulky, Wordpress 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects WPBulky: from n/a through <= 1.1.13.
CVE-2025-66528 2 Villatheme, Wordpress 2 Thank You Page Customizer For Woocommerce, Wordpress 2026-04-23 4.3 Medium
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.8.
CVE-2025-47570 2 Villatheme, Wordpress 2 Woocommerce Photo Reviews, Wordpress 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.3.13.
CVE-2025-47563 1 Villatheme 1 Curcy 2026-04-23 5.3 Medium
Missing Authorization vulnerability in villatheme CURCY woocommerce-multi-currency allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects CURCY: from n/a through <= 2.3.7.
CVE-2025-30993 3 Villatheme, Woocommerce, Wordpress 4 Thank You Page Customizer For Woocommerce, Woocommerce Thank You Page Customizer, Woocommerce and 1 more 2026-04-23 6.5 Medium
Missing Authorization vulnerability in VillaTheme Thank You Page Customizer for WooCommerce woo-thank-you-page-customizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thank You Page Customizer for WooCommerce: from n/a through <= 1.1.7.
CVE-2024-49288 1 Villatheme 1 Woocommerce Email Template Customizer 2026-04-23 5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.9.1.
CVE-2024-49283 1 Villatheme 1 Curcy 2026-04-23 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme CURCY woo-multi-currency allows Reflected XSS.This issue affects CURCY: from n/a through <= 2.2.3.
CVE-2026-40737 2 Villatheme, Wordpress 2 Compe, Wordpress 2026-04-22 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through <= 1.1.4.