Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

acowebs — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting acowebs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Acowebs develops WordPress plugins for e-commerce and form management, with 11 CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation, often stemming from insufficient input validation and improper access controls. Notable security characteristics include frequent updates to address flaws, though some vulnerabilities remained unpatched for extended periods. No major public security incidents have been documented, though the consistent pattern of vulnerabilities suggests ongoing security challenges in their plugin development lifecycle.

Top products by acowebs: PDF Invoices and Packing Slips For WooCommerce Product Table For WooCommerce Dynamic Pricing With Discount Rules for WooCommerce Product Labels For Woocommerce (Sale Badges) Product Labels For Woocommerce Wishlist and Save for later for Woocommerce Product Addons for Woocommerce – Product Options with Custom Fields Woocommerce Custom Product Addons Pro
CVE IDTitleCVSSSeverityPublished
CVE-2026-4001 Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula — Woocommerce Custom Product Addons ProCWE-95 9.8 Critical2026-03-23
CVE-2026-2296 Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter — Product Addons for Woocommerce – Product Options with Custom FieldsCWE-94 7.2 High2026-02-18
CVE-2025-12087 Wishlist and Save for later for Woocommerce <= 1.1.22 - Insecure Direct Object Reference to Authenticated (Subscriber+) Wishlist Item Deletion — Wishlist and Save for later for WoocommerceCWE-639 4.3 Medium2025-11-12
CVE-2025-47588 WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability — Dynamic Pricing With Discount Rules for WooCommerceCWE-94 9.1 Critical2025-11-06
CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability — Product Table For WooCommerceCWE-502 8.8 High2025-10-22
CVE-2025-47544 WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.8 - SQL Injection Vulnerability — Dynamic Pricing With Discount Rules for WooCommerceCWE-89 7.6 High2025-05-07
CVE-2025-22638 WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — Product Table For WooCommerceCWE-79 6.5 Medium2025-03-27
CVE-2024-53817 WordPress Acowebs Product Labels For Woocommerce plugin <= 1.5.8 - SQL Injection vulnerability — Product Labels For WoocommerceCWE-89 7.6 High2024-12-06
CVE-2024-30230 WordPress PDF Invoices and Packing Slips For WooCommerce plugin <= 1.3.7 - PHP Object Injection vulnerability — PDF Invoices and Packing Slips For WooCommerceCWE-502 8.2 High2024-03-28
CVE-2024-1773 PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection — PDF Invoices and Packing Slips For WooCommerceCWE-502 8.8 High2024-03-07
CVE-2024-24886 WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) — Product Labels For Woocommerce (Sale Badges)CWE-79 5.9 Medium2024-02-08

This page lists every published CVE security advisory associated with acowebs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.