VYPR

Variation Swatches for WooCommerce

by WordPress

CVEs (5)

  • CVE-2023-37975HigJul 27, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.

  • CVE-2021-42367MedDec 14, 2021
    risk 0.42cvss 6.4epss 0.01

    The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to…

  • CVE-2019-14774MedAug 8, 2019
    risk 0.40cvss 6.1epss 0.01

    The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter.

  • CVE-2025-47526MedMay 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in GS Plugins GS Variation Swatches for WooCommerce gs-woo-variation-swatches allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Variation Swatches for WooCommerce: from n/a through <= 3.0.4.

  • CVE-2024-13511MedJan 23, 2025
    risk 0.28cvss 4.3epss 0.00

    The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settings_init() function, which processes a reset action…