VYPR

Customize My Account For Woocommerce

by WordPress

Source repositories

CVEs (6)

  • CVE-2025-24592HigFeb 14, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SysBasics Customize My Account for WooCommerce customize-my-account-for-woocommerce allows Reflected XSS.This issue affects Customize My Account for WooCommerce: from n/a…

  • CVE-2023-46634HigNov 13, 2023
    risk 0.46cvss 7.1epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS).This issue affects Custom My Account for Woocommerce: from n/a through 2.1.

  • CVE-2024-10837MedNov 9, 2024
    risk 0.33cvss 6.1epss 0.00

    The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-51369MedMar 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.

  • CVE-2026-12137Jun 18, 2026
    risk 0.00cvss epss 0.00

    The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient input sanitization and…

  • CVE-2026-12136Jun 18, 2026
    risk 0.00cvss epss 0.00

    The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasics_user_avatar' shortcode in versions up to, and including, 4.3.6. This is due to insufficient input sanitization and output escaping on user supplied…