Woocommerce Product Addon
by WordPress
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-11391 | | Cri | 0.64 | 9.8 | 0.01 | | Oct 18, 2025 | The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for… |
| CVE-2024-3962 | | Cri | 0.58 | 9.8 | 0.01 | | Apr 26, 2024 | The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated attackers to… |
| CVE-2025-11691 | | Hig | 0.49 | 7.5 | 0.00 | | Oct 18, 2025 | The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOM_Meta::get_fields_by_id() function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of… |
| CVE-2025-24668 | | Med | 0.38 | 5.9 | 0.00 | | Jan 24, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Stored XSS. This issue affects PPOM for WooCommerce: from n/a through <= 33.0.8. |
| CVE-2025-66069 | | Med | 0.28 | 4.3 | 0.00 | | Nov 21, 2025 | Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16. |
| CVE-2019-14948 | | | 0.00 | — | 0.01 | | Aug 12, 2019 | The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. |