{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:54:32.824","vulnerabilities":[{"cve":{"id":"CVE-2026-2296","sourceIdentifier":"security@wordfence.com","published":"2026-02-18T07:16:10.630","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Product Addons for Woocommerce – Product Options with Custom Fields plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 3.1.0. This is due to insufficient input validation of the 'operator' field in conditional logic rules within the evalConditions() function, which passes unsanitized user input directly to PHP's eval() function. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject and execute arbitrary PHP code on the server via the conditional logic 'operator' parameter when saving addon form field rules."},{"lang":"es","value":"El plugin Product Addons para Woocommerce – Product Options with Custom Fields para WordPress es vulnerable a la Inyección de Código en todas las versiones hasta la 3.1.0, inclusive. Esto se debe a una validación de entrada insuficiente del campo 'operator' en las reglas de lógica condicional dentro de la función evalConditions(), que pasa la entrada de usuario no saneada directamente a la función eval() de PHP. Esto hace posible que atacantes autenticados, con acceso de nivel de 'Shop Manager' o superior, inyecten y ejecuten código PHP arbitrario en el servidor a través del parámetro 'operator' de la lógica condicional al guardar las reglas de los campos del formulario de complemento."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L104","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/tags/3.0.19/includes/process/conditional-logic.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L104","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/woo-custom-product-addons/trunk/includes/process/conditional-logic.php#L84","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3458823%40woo-custom-product-addons&new=3458823%40woo-custom-product-addons&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c1edd7-2421-4dfa-8775-ca0497759d52?source=cve","source":"security@wordfence.com"}]}}]}