Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in 13 Addify plugins for WooCommerce

  • Severity: medium-risk
  • Status: Fixed
  • Publication: July 10, 2023

Several plugins for WordPress, called Addify, have security vulnerabilities in some of their versions. This means that attackers who don’t have permission to use the website can use a fake request to make the website do something that it shouldn’t. This is done by sending a link to someone with the authority to make changes and getting them to click on it.

Detected in:

Custom Fields for WooCommerce fixed vulnerable versions: >= * < 1.0.4
Custom Registration Forms Builder for WooCommerce fixed vulnerable versions: >= * < 1.0.2
Image Watermark for WooCommerce fixed vulnerable versions: >= * < 1.0.1
Price Calculator for WooCommerce fixed vulnerable versions: >= * <= *
Product Dynamic Pricing and Discounts for WooCommerce fixed vulnerable versions: >= * <= *
WooCommerce Abandoned Cart Recovery fixed vulnerable versions: >= * < 1.2.5
WooCommerce Advanced Free Gifts fixed vulnerable versions: >= * < 1.0.2
WooCommerce Checkout Field Manager fixed vulnerable versions:
WooCommerce Custom Order Number fixed vulnerable versions: >= * <= *
WooCommerce Gift Registry fixed vulnerable versions: >= * <= *
WooCommerce Order Approval fixed vulnerable versions: >= * < 1.1.0
WooCommerce Order Tracking fixed vulnerable versions: >= * < 1.0.2
WooCommerce Product Labels and Stickets fixed vulnerable versions: >= * <= *

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.