CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Variation Swatches For Woocommerce Project: >> Variation Swatches For Woocommerce >> 1.0.3 Security Vulnerabilities

CVE-2023-37975

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.

CVSS Score

7.1

EPSS Score

0.001

Published

2023-07-27

CVE-2021-42367

The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to missing authorization checks on the tawcvs_save_settings function, low-level authenticated users such as subscribers can exploit this vulnerability.

CVSS Score

6.4

EPSS Score

0.002

Published

2021-12-14

Page 1

Vulnerabilities

Vulnerable Software

Variation Swatches For Woocommerce Project: >> Variation Swatches For Woocommerce >> 1.0.3 Security Vulnerabilities

Products

Pricing

Contact Us