VYPR

Cart All In One For WooCommerce

by WordPress

CVEs (2)

  • CVE-2026-2019HigFeb 18, 2026
    risk 0.40cvss 7.2epss 0.00

    The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function. This makes it possible…

  • CVE-2023-3547Sep 25, 2023
    risk 0.00cvss epss 0.00

    The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks.