VYPR

Woocommerce Product Addon

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-11391CriOct 18, 2025
    risk 0.64cvss 9.8epss 0.01

    The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for…

  • CVE-2024-3962CriApr 26, 2024
    risk 0.58cvss 9.8epss 0.01

    The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to…

  • CVE-2025-11691HigOct 18, 2025
    risk 0.49cvss 7.5epss 0.00

    The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2025-24668MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Stored XSS.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.8.

  • CVE-2025-66069MedNov 21, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16.

  • CVE-2019-14948Aug 12, 2019
    risk 0.00cvss epss 0.01

    The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.