VYPR

Product Addons \& Fields For Woocommerce

by Themeisle

Source repositories

CVEs (5)

  • CVE-2025-11391CriOct 18, 2025
    risk 0.64cvss 9.8epss 0.01

    The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for…

  • CVE-2024-3962CriApr 26, 2024
    risk 0.58cvss 9.8epss 0.01

    The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to…

  • CVE-2025-11691HigOct 18, 2025
    risk 0.49cvss 7.5epss 0.00

    The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2023-2256May 30, 2023
    risk 0.02cvss epss 0.01

    The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.

  • CVE-2023-1839May 15, 2023
    risk 0.00cvss epss 0.00

    The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is…