VYPR
Vendor

Storeapps

Products
3
CVEs
9
Across products
9
Status
Private

Products

3

Recent CVEs

9
  • CVE-2026-45216HigMay 25, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0.

  • CVE-2025-22710HigJan 21, 2025
    risk 0.51cvss 7.6epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce allows Blind SQL Injection.This issue affects Smart Manager: from n/a through <= 8.52.0.

  • CVE-2023-5663HigMar 13, 2024
    risk 0.50cvss 8.8epss 0.01

    The News Announcement Scroll plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2026-24365MedJan 22, 2026
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.This issue affects Stock Manager for WooCommerce: from n/a through < 3.6.0.

  • CVE-2024-49687MedDec 31, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in storeapps Smart Manager smart-manager-for-wp-e-commerce.This issue affects Smart Manager: from n/a through <= 8.45.0.

  • CVE-2023-35091MedJul 11, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.

  • CVE-2022-40694Nov 17, 2022
    risk 0.00cvss epss 0.00

    Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.

  • CVE-2021-34619Jul 21, 2021
    risk 0.00cvss epss 0.01

    The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.

  • CVE-2021-25399Jun 11, 2021
    risk 0.00cvss epss 0.00

    Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.