VYPR

Woo Lucky Wheel

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-14509HigDec 30, 2025
    risk 0.40cvss 7.2epss 0.01

    The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute user-supplied input from the 'Conditional Tags' setting without proper…