Premmerce

Vulnerabilities 9Slug premmerceLatest version 1.3.23WordPress.org →

Minimum safe version

1.3.21

Update to 1.3.21 or later to address 9 fixable vulnerabilities

Latest available1.3.23
Medium 6.4
2026-02-07< 1.3.21

Premmerce <= 1.3.20 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'premmerce_wizard_actions' AJAX Endpoint

EUVDWordfenceCVE
Medium 6.3
2024-10-16< 1.3.16

Freemius SDK <= 2.4.2 - Missing Authorization Checks

CVE
N/A
2023-07-18< 1.3.18

WordPress Premmerce Plugin <= 1.3.17 is vulnerable to Cross Site Scripting (XSS)

PatchstackWPScanCVE
N/A
2022-03-04< 1.3.16

Freemius SDK <= 2.4.2 - Missing Authorization Checks

Wordfence
N/A
2022-02-28< 1.3.16

WordPress Premmerce plugin <= 1.3.15 - Sensitive Information Disclosure vulnerability

Patchstack
N/A
2022-02-28< 1.3.16

WordPress Premmerce plugin <= 1.3.15 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Patchstack