VYPR

Yayextra

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-7257CriAug 3, 2024
    risk 0.57cvss 9.8epss 0.01

    The YayExtra – WooCommerce Extra Product Options plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_upload_file function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated…

  • CVE-2025-48299HigJul 16, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YayCommerce YayExtra yayextra allows SQL Injection.This issue affects YayExtra: from n/a through <= 1.5.5.

  • CVE-2025-31415HigApr 1, 2025
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in YayCommerce YayExtra yayextra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayExtra: from n/a through <= 1.5.2.