VYPR

Product Input Fields For Woocommerce

by WordPress

Source repositories

CVEs (4)

  • CVE-2020-36696HigJun 7, 2023
    risk 0.49cvss 7.5epss 0.01

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download…

  • CVE-2024-31431MedApr 15, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce.This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0.

  • CVE-2024-13359Mar 8, 2025
    risk 0.00cvss epss 0.01

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the add_product_input_fields_to_order_item_meta() function in all versions up to, and including, 1.12.0. This may make it possible…

  • CVE-2024-10857Nov 26, 2024
    risk 0.00cvss epss 0.01

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated…