VYPR

Prodigy Commerce

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-0926CriFeb 19, 2026
    risk 0.62cvss 9.8epss 0.09

    The Prodigy Commerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'parameters[template_name]' parameter. This makes it possible for unauthenticated attackers to include and read arbitrary files or execute…

  • CVE-2024-54250MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through <= 3.0.8.

  • CVE-2024-54251MedDec 9, 2024
    risk 0.35cvss 6.5epss 0.00

    Missing Authorization vulnerability in prodigycommerce Prodigy Commerce prodigy-commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through <= 3.1.2.