Wpclever: Security Vulnerabilities
The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-07-11
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-11-01
Deserialization of Untrusted Data vulnerability in WPClever WPC Shop as a Customer for WooCommerce allows Object Injection.This issue affects WPC Shop as a Customer for WooCommerce: from n/a through 1.2.6.
CVSS Score
8.8
EPSS Score
0.005
Published
2024-10-28
Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-06-09
The WPC Smart Quick View for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-04-13
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-01-05
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 does not sanitise and escape a parameter before outputting it back in an attribute via an AJAX action, leading to a Reflected Cross-Site Scripting issue.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-05-16
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting
CVSS Score
5.4
EPSS Score
0.003
Published
2022-03-28