CVE-2026-6447 - Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings
CVE ID :CVE-2026-6447 Published : May 2, 2026, 5:29 a.m. | 37 minutes ago Description :The Call for Price for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2.0 due to insufficient input sanitization and
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] I built an image compressor that never sees your images published
- [CYBER] CVE-2026-31431 (Copy Fail) PHP PoC
- [CYBER] Trellix Confirms Source Code Breach With Unauthorized Repository Access
- [CYBER] Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
- [CYBER] CVE-2026-5110 - Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater
- [CYBER] CVE-2026-7647 - Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection