VYPR
Vendor

Wpclever

Products
7
CVEs
18
Across products
18
Status
Private

Products

7

Recent CVEs

18
  • CVE-2025-30772HigMar 27, 2025
    risk 0.57cvss 8.8epss 0.01

    Missing Authorization vulnerability in WPClever WPC Smart Upsell Funnel for WooCommerce wpc-smart-upsell-funnel allows Privilege Escalation.This issue affects WPC Smart Upsell Funnel for WooCommerce: from n/a through <= 3.0.4.

  • CVE-2024-50416HigOct 28, 2024
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce wpc-shop-as-customer allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through <= 1.2.6.

  • CVE-2024-12432HigDec 18, 2024
    risk 0.53cvss 8.1epss 0.01

    The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible…

  • CVE-2025-60248HigNov 6, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPClever WPC Product Options for WooCommerce wpc-product-options allows PHP Local File Inclusion.This issue affects WPC Product Options for WooCommerce: from…

  • CVE-2025-62903MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Smart Messages for WooCommerce wpc-smart-messages allows Stored XSS.This issue affects WPC Smart Messages for WooCommerce: from n/a through <= 4.2.8.

  • CVE-2025-49908MedOct 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPClever WPC Countdown Timer for WooCommerce wpc-countdown-timer allows Stored XSS.This issue affects WPC Countdown Timer for WooCommerce: from n/a through <= 3.1.4.

  • CVE-2025-58228MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Quick View for WooCommerce woo-quickview allows Stored XSS.This issue affects Quick View for WooCommerce: from n/a through <= 2.2.16.

  • CVE-2025-8618MedAug 20, 2025
    risk 0.35cvss 6.4epss 0.00

    The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's woosq_btn shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2025-11741MedOct 18, 2025
    risk 0.34cvss 5.3epss 0.00

    The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.2.5 via the 'woosq_quickview' AJAX endpoint due to insufficient restrictions on which posts can be included. This makes it possible for…

  • CVE-2023-6494MedApr 13, 2024
    risk 0.29cvss 4.4epss 0.00

    The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated…

  • CVE-2026-32407MedMar 13, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through <= 5.0.8.

  • CVE-2026-32406MedMar 13, 2026
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through <= 8.4.5.

  • CVE-2024-32687MedApr 22, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.0.3.

  • CVE-2023-52127MedJan 5, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.

  • CVE-2023-34386MedNov 9, 2023
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.

  • CVE-2025-5530Jul 11, 2025
    risk 0.00cvss epss 0.00

    The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2024-43312Nov 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.

  • CVE-2022-1465May 16, 2022
    risk 0.00cvss epss 0.01

    The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.