VYPR

Xforwoocommerce

by Xforwoocommerce

CVEs (2)

  • CVE-2024-33628HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2.

  • CVE-2021-4337HigJun 7, 2023
    risk 0.57cvss 8.8epss 0.01

    Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wp_ajax_svx_ajax_factory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level…