Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by BinaryCarpenter
CVE-2025-48334 (GCVE-0-2025-48334)
Vulnerability from nvd – Published: 2025-05-30 08:42 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through <= 1.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Woo Slider Pro |
Affected:
0 , ≤ 1.12
(custom)
|
Date Public
2026-04-01 16:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:52:42.942035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:53:18.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-slider-pro-drag-drop-slider-builder-for-woocommerce",
"product": "Woo Slider Pro",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:41.806Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Woo Slider Pro: from n/a through \u003c= 1.12.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through \u003c= 1.12."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:56.711Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/vulnerability/wordpress-woo-slider-pro-1-12-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Woo Slider Pro \u003c= 1.12 - Arbitrary Content Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48334",
"datePublished": "2025-05-30T08:42:56.425Z",
"dateReserved": "2025-05-19T14:14:34.468Z",
"dateUpdated": "2026-04-28T16:12:56.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31758 (GCVE-0-2025-31758)
Vulnerability from nvd – Published: 2025-04-03 13:27 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Free Woocommerce Product Table View |
Affected:
0 , ≤ 1.78
(custom)
|
Date Public
2026-04-01 16:37
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:58:37.176643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:06:06.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "free-product-table-for-woocommerce",
"product": "Free Woocommerce Product Table View",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:37:58.860Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:12.273Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/free-product-table-for-woocommerce/vulnerability/wordpress-free-woocommerce-product-table-view-plugin-1-78-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Free Woocommerce Product Table View plugin \u003c= 1.78 - Arbitrary Content Deletion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31758",
"datePublished": "2025-04-03T13:27:13.294Z",
"dateReserved": "2025-04-01T13:19:14.440Z",
"dateUpdated": "2026-04-28T16:12:12.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31757 (GCVE-0-2025-31757)
Vulnerability from nvd – Published: 2025-04-01 14:51 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Free Woocommerce Product Table View |
Affected:
0 , ≤ 1.78
(custom)
|
Date Public
2026-04-01 16:37
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T20:32:35.840166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T20:35:55.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "free-product-table-for-woocommerce",
"product": "Free Woocommerce Product Table View",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:37:58.667Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:12.228Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/free-product-table-for-woocommerce/vulnerability/wordpress-free-woocommerce-product-table-view-plugin-1-78-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Free Woocommerce Product Table View plugin \u003c= 1.78 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31757",
"datePublished": "2025-04-01T14:51:13.704Z",
"dateReserved": "2025-04-01T13:19:14.440Z",
"dateUpdated": "2026-04-28T16:12:12.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55977 (GCVE-0-2024-55977)
Vulnerability from nvd – Published: 2024-12-16 14:31 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | LaunchPage.app Importer |
Affected:
0 , ≤ 1.1
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:58:39.894728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:38:09.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "launchpage-app-importer",
"product": "LaunchPage.app Importer",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:48.371Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.\u003cp\u003eThis issue affects LaunchPage.app Importer: from n/a through \u003c= 1.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through \u003c= 1.1."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:52.890Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress LaunchPage.app Importer plugin \u003c= 1.1 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-55977",
"datePublished": "2024-12-16T14:31:21.236Z",
"dateReserved": "2024-12-14T19:41:40.605Z",
"dateUpdated": "2026-04-28T16:10:52.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37202 (GCVE-0-2024-37202)
Vulnerability from nvd – Published: 2024-07-12 13:30 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.17 - Broken Access Control to XSS vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through <= 1.222.17.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/cus… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter |
Affected:
0 , ≤ 1.222.17
(custom)
|
Date Public
2026-04-01 16:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:13:11.160294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:32:10.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "custom-add-to-cart-button-for-woocommerce",
"product": "Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.222.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdi Pranata | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:17.901Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.\u003cp\u003eThis issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through \u003c= 1.222.17.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through \u003c= 1.222.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:56.530Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/custom-add-to-cart-button-for-woocommerce/vulnerability/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin \u003c= 1.222.17 - Broken Access Control to XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37202",
"datePublished": "2024-07-12T13:30:29.387Z",
"dateReserved": "2024-06-04T16:45:43.450Z",
"dateUpdated": "2026-04-28T16:09:56.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49855 (GCVE-0-2023-49855)
Vulnerability from nvd – Published: 2023-12-18 10:18 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/bc-… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Menu Bar Cart Icon For WooCommerce By Binary Carpenter |
Affected:
n/a , ≤ 1.49.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:57:30.921191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:58:05.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bc-menu-cart-woo",
"product": "Menu Bar Cart Icon For WooCommerce By Binary Carpenter",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.49.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Skalucy (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.\u003cp\u003eThis issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:58.710Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin \u003c= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49855",
"datePublished": "2023-12-18T10:18:11.399Z",
"dateReserved": "2023-11-30T17:13:03.351Z",
"dateUpdated": "2026-04-28T16:08:58.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48334 (GCVE-0-2025-48334)
Vulnerability from cvelistv5 – Published: 2025-05-30 08:42 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through <= 1.12.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Woo Slider Pro |
Affected:
0 , ≤ 1.12
(custom)
|
Date Public
2026-04-01 16:40
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48334",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:52:42.942035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:53:18.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woo-slider-pro-drag-drop-slider-builder-for-woocommerce",
"product": "Woo Slider Pro",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:40:41.806Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Woo Slider Pro: from n/a through \u003c= 1.12.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro woo-slider-pro-drag-drop-slider-builder-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through \u003c= 1.12."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:56.711Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/woo-slider-pro-drag-drop-slider-builder-for-woocommerce/vulnerability/wordpress-woo-slider-pro-1-12-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Woo Slider Pro \u003c= 1.12 - Arbitrary Content Deletion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-48334",
"datePublished": "2025-05-30T08:42:56.425Z",
"dateReserved": "2025-05-19T14:14:34.468Z",
"dateUpdated": "2026-04-28T16:12:56.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31758 (GCVE-0-2025-31758)
Vulnerability from cvelistv5 – Published: 2025-04-03 13:27 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Free Woocommerce Product Table View |
Affected:
0 , ≤ 1.78
(custom)
|
Date Public
2026-04-01 16:37
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-03T14:58:37.176643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T15:06:06.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "free-product-table-for-woocommerce",
"product": "Free Woocommerce Product Table View",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:37:58.860Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:12.273Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/free-product-table-for-woocommerce/vulnerability/wordpress-free-woocommerce-product-table-view-plugin-1-78-arbitrary-content-deletion-vulnerability?_s_id=cve"
}
],
"title": "WordPress Free Woocommerce Product Table View plugin \u003c= 1.78 - Arbitrary Content Deletion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31758",
"datePublished": "2025-04-03T13:27:13.294Z",
"dateReserved": "2025-04-01T13:19:14.440Z",
"dateUpdated": "2026-04-28T16:12:12.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31757 (GCVE-0-2025-31757)
Vulnerability from cvelistv5 – Published: 2025-04-01 14:51 – Updated: 2026-04-28 16:12
VLAI
Title
WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through <= 1.78.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Free Woocommerce Product Table View |
Affected:
0 , ≤ 1.78
(custom)
|
Date Public
2026-04-01 16:37
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T20:32:35.840166Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T20:35:55.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "free-product-table-for-woocommerce",
"product": "Free Woocommerce Product Table View",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.78",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:37:58.667Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Free Woocommerce Product Table View free-product-table-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Free Woocommerce Product Table View: from n/a through \u003c= 1.78."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:12:12.228Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/free-product-table-for-woocommerce/vulnerability/wordpress-free-woocommerce-product-table-view-plugin-1-78-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Free Woocommerce Product Table View plugin \u003c= 1.78 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-31757",
"datePublished": "2025-04-01T14:51:13.704Z",
"dateReserved": "2025-04-01T13:19:14.440Z",
"dateUpdated": "2026-04-28T16:12:12.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55977 (GCVE-0-2024-55977)
Vulnerability from cvelistv5 – Published: 2024-12-16 14:31 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress LaunchPage.app Importer plugin <= 1.1 - SQL Injection vulnerability
Summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through <= 1.1.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | LaunchPage.app Importer |
Affected:
0 , ≤ 1.1
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:58:39.894728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:38:09.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "launchpage-app-importer",
"product": "LaunchPage.app Importer",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:48.371Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.\u003cp\u003eThis issue affects LaunchPage.app Importer: from n/a through \u003c= 1.1.\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027) vulnerability in BinaryCarpenter LaunchPage.app Importer launchpage-app-importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through \u003c= 1.1."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:52.890Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/launchpage-app-importer/vulnerability/wordpress-launchpage-app-importer-plugin-1-1-sql-injection-vulnerability?_s_id=cve"
}
],
"title": "WordPress LaunchPage.app Importer plugin \u003c= 1.1 - SQL Injection vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-55977",
"datePublished": "2024-12-16T14:31:21.236Z",
"dateReserved": "2024-12-14T19:41:40.605Z",
"dateUpdated": "2026-04-28T16:10:52.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-37202 (GCVE-0-2024-37202)
Vulnerability from cvelistv5 – Published: 2024-07-12 13:30 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.17 - Broken Access Control to XSS vulnerability
Summary
Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through <= 1.222.17.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
| https://patchstack.com/database/vulnerability/cus… | vdb-entryx_transferred |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter |
Affected:
0 , ≤ 1.222.17
(custom)
|
Date Public
2026-04-01 16:26
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37202",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:13:11.160294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T14:32:10.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:55.491Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/custom-add-to-cart-button-for-woocommerce/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "custom-add-to-cart-button-for-woocommerce",
"product": "Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.222.17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdi Pranata | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:26:17.901Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.\u003cp\u003eThis issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through \u003c= 1.222.17.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in BinaryCarpenter Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter custom-add-to-cart-button-for-woocommerce.This issue affects Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter: from n/a through \u003c= 1.222.17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:56.530Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/custom-add-to-cart-button-for-woocommerce/vulnerability/wordpress-ultimate-custom-add-to-cart-button-ajax-for-woocommerce-by-binary-carpenter-plugin-1-222-16-broken-access-control-to-xss-vulnerability?_s_id=cve"
}
],
"title": "WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin \u003c= 1.222.17 - Broken Access Control to XSS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-37202",
"datePublished": "2024-07-12T13:30:29.387Z",
"dateReserved": "2024-06-04T16:45:43.450Z",
"dateUpdated": "2026-04-28T16:09:56.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-49855 (GCVE-0-2023-49855)
Vulnerability from cvelistv5 – Published: 2023-12-18 10:18 – Updated: 2026-04-28 16:08
VLAI
Title
WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)
Summary
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/bc-… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BinaryCarpenter | Menu Bar Cart Icon For WooCommerce By Binary Carpenter |
Affected:
n/a , ≤ 1.49.3
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:26.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T18:57:30.921191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-30T18:58:05.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "bc-menu-cart-woo",
"product": "Menu Bar Cart Icon For WooCommerce By Binary Carpenter",
"vendor": "BinaryCarpenter",
"versions": [
{
"lessThanOrEqual": "1.49.3",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Skalucy (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.\u003cp\u003eThis issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:08:58.710Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin \u003c= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2023-49855",
"datePublished": "2023-12-18T10:18:11.399Z",
"dateReserved": "2023-11-30T17:13:03.351Z",
"dateUpdated": "2026-04-28T16:08:58.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}