Title: Vulnerable Software Report
Last modified: April 6, 2026

---

# Vulnerable Software Report

 *  Resolved [asw](https://wordpress.org/support/users/astreetweb/)
 * (@astreetweb)
 * [1 month, 3 weeks ago](https://wordpress.org/support/topic/vulnerable-software-report/)
 * Cross-Site Request Forgery to Settings Update vulnerability discovered in WordPress
   Plugin Hide Categories Or Products On Shop Page (versions <= 1.0.7)
 * The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable
   to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This
   is due to missing or incorrect nonce validation on the save_data_hcps() function.
   This makes it possible for unauthenticated attackers to update the plugin’s settings
   via a forged request granted they can trick a site administrator into performing
   an action such as clicking on a link.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Bastien Ho](https://wordpress.org/support/users/bastho/)
 * (@bastho)
 * [1 month, 2 weeks ago](https://wordpress.org/support/topic/vulnerable-software-report/#post-18879628)
 * Hi,
 * It seems that you mention another plugin. [Hide Categories and Products for Woocommerce](https://wordpress.org/plugins/hide-categories-products-woocommerce/)‘
   s last version is 1.2.10 and do not have `save_data_hcps()` function
 *  Thread Starter [asw](https://wordpress.org/support/users/astreetweb/)
 * (@astreetweb)
 * [1 month, 1 week ago](https://wordpress.org/support/topic/vulnerable-software-report/#post-18880587)
 * You are right. It was this one which has been closed.
   [https://wordpress.org/plugins/hide-categories-or-products-on-shop-page/](https://wordpress.org/plugins/hide-categories-or-products-on-shop-page/)
 * I am glad it is not yours.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerable-software-report%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/hide-categories-products-woocommerce/assets/icon.svg?rev
   =2645892)
 * [Hide Categories and Products for Woocommerce](https://wordpress.org/plugins/hide-categories-products-woocommerce/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/hide-categories-products-woocommerce/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/hide-categories-products-woocommerce/)
 * [Active Topics](https://wordpress.org/support/plugin/hide-categories-products-woocommerce/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/hide-categories-products-woocommerce/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/hide-categories-products-woocommerce/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [asw](https://wordpress.org/support/users/astreetweb/)
 * Last activity: [1 month, 1 week ago](https://wordpress.org/support/topic/vulnerable-software-report/#post-18880587)
 * Status: resolved