Known Vulnerabilities
CVE-2024-38726
Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.
HIGH
CVSS 7.5
Published Nov 01, 2024
CVE-2024-3608
The Product Designer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the product_designer_ajax_delete_attach_id() function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to delete arbitrary attachments.
MEDIUM
CVSS 5.3
Published Jul 09, 2024
CVE-2024-31277
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.
HIGH
CVSS 8.7
Published Apr 07, 2024