Skip to main content

Japanized For Woocommerce

3 CVEs product

Monthly

CVE-2026-57340 MEDIUM This Month

Unauthenticated broken access control in the Japanized For WooCommerce WordPress plugin (versions <= 2.9.12) allows remote unauthenticated attackers to bypass authorization checks and perform restricted operations, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or user interaction is required, lowering the exploitation barrier significantly for any exposed WordPress site running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, though the low complexity and zero-privilege requirement make this accessible to unsophisticated attackers.

Authentication Bypass WordPress Japanized For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-0948 MEDIUM POC This Month

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Japanized For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0942 MEDIUM POC PATCH THREAT This Month

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.1%.

XSS WordPress Japanized For Woocommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
46.1%
Threat
4.1
EPSS 0% CVSS 6.5
MEDIUM This Month

Unauthenticated broken access control in the Japanized For WooCommerce WordPress plugin (versions <= 2.9.12) allows remote unauthenticated attackers to bypass authorization checks and perform restricted operations, resulting in limited integrity and availability impact. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no authentication or user interaction is required, lowering the exploitation barrier significantly for any exposed WordPress site running this plugin. No public exploit code or CISA KEV listing has been identified at time of analysis, though the low complexity and zero-privilege requirement make this accessible to unsophisticated attackers.

Authentication Bypass WordPress Japanized For Woocommerce
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Japanized For Woocommerce
NVD WPScan
EPSS 46% 4.1 CVSS 6.1
MEDIUM POC PATCH THREAT This Month

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.1%.

XSS WordPress Japanized For Woocommerce
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy