Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Magical Products Display – Elementor WooCommerce Widgets | Product Sliders, Grids & AJAX Search 1.1.29

  • Severity: medium-risk
  • Status: Fixed
  • Publication: November 20, 2025

A popular tool used on WordPress websites, the Magical Products Display plugin, has a security issue that could put users at risk. The problem lies in a feature called MPD Pricing Table, where certain input from users is not properly checked for harmful code, allowing attackers with certain levels of access to insert their own malicious scripts into the website. This can lead to these scripts being executed whenever a user visits a page with the injected code.

Detected in:

Magical Products Display – Elementor WooCommerce Widgets | Product Sliders, Grids & AJAX Search fixed vulnerable versions: >= * <= 1.1.29
Magical Shop Builder – WooCommerce Template Builder for Elementor | Shop, Cart, Checkout & Product Page Builder fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.