Filtered by vendor Themelocation Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-46629 1 Themelocation 1 Remove Add To Cart Woocommerce 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4.
CVE-2022-4661 1 Themelocation 1 Widgets For Woocommerce Products On Elementor 2024-11-21 5.4 Medium
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2024-43271 1 Themelocation 1 Widgets For Woocommerce Products On Elementor 2024-08-20 8.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0.