VYPR
Vendor

Ilghera

Products
4
CVEs
8
Across products
8
Status
Private

Products

4

Recent CVEs

8
  • CVE-2023-41685HigNov 6, 2023
    risk 0.49cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.

  • CVE-2025-32516HigApr 17, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ilGhera Related Videos for JW Player related-videos-for-jw-player allows Reflected XSS.This issue affects Related Videos for JW Player: from n/a through <= 1.2.0.

  • CVE-2026-2421MedMar 20, 2026
    risk 0.42cvss 6.5epss 0.01

    The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a…

  • CVE-2023-41686MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2.

  • CVE-2024-33931MedMay 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in ilGhera JW Player for WordPress.This issue affects JW Player for WordPress: from n/a through 2.3.3.

  • CVE-2026-39614MedApr 8, 2026
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.

  • CVE-2025-14033MedMay 13, 2026
    risk 0.34cvss 5.3epss 0.00

    The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated…

  • CVE-2025-14034MedJan 6, 2026
    risk 0.34cvss 5.3epss 0.00

    The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and…