Filtered by vendor Roxnor Subscriptions
Filtered by product Shopengine Elementor Woocommerce Builder Addon Subscriptions

Search

Switch to Advanced Search (Beta)
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-12358 4 Elementor, Roxnor, Woocommerce and 1 more 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more 2025-12-04 4.3 Medium
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incorrect permissions callback in the "Api/init" function. This makes it possible for unauthenticated attackers to add or remove products from a user's wishlist via a forged request granted they can trick a site's user into performing an action such as clicking on a link.
CVE-2025-11888 4 Elementor, Roxnor, Woocommerce and 1 more 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more 2025-10-27 2.7 Low
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses.
CVE-2025-10173 4 Elementor, Roxnor, Woocommerce and 1 more 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more 2025-09-26 2.7 Low
The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due to an incorrect capability check on the post_save() function in all versions up to, and including, 4.8.3. This makes it possible for authenticated attackers, with Editor-level access and above, to update the plugin's settings.