CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

CVE-2026-42725

Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout Files Upload for WooCommerce: from n/a through =...

6.5CVSS5.4AI score0.0005EPSS

Exploits0References1

NVD•added 2026/05/27 11:16 a.m.•7 views

CVE-2026-42725

6.5CVSS0.0005EPSS

Exploits0References1

EUVD•added 2026/05/27 9:49 a.m.•9 views

EUVD-2026-32182

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•25 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

6.5CVSS0.0005EPSS

Exploits0References1

CVE•added 2026/05/27 9:49 a.m.•7 views

CVE-2026-42725

CVE-2026-42725 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Checkout Files Upload for WooCommerce (versions

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Vulnrichment•added 2026/05/27 9:49 a.m.•6 views

CVE-2026-42725 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

CNNVD•added 2026/05/27 12:0 a.m.•4 views

WordPress plugin Checkout Files Upload for WooCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Positive Technologies•added 2026/05/27 12:0 a.m.•5 views

PT-2026-43637

6.5CVSS5.8AI score0.0005EPSS

Exploits0References2

Patchstack•added 2026/05/12 3:7 p.m.•7 views

WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by devploit in WordPress Plugin Checkout Files Upload for WooCommerce versions = 2.2.5...

6.5CVSS5.8AI score0.0005EPSS

Exploits0Affected Software1

CNVD•added 2025/11/20 12:0 a.m.•1 views

WordPress Checkout Files Upload for WooCommerce plugin Cross-Site Scripting Vulnerability

WordPress Checkout Files Upload for WooCommerce plugin is a plugin designed for the WordPress platform that allows users to upload files on the checkout page, often used to collect order-related documents or customization information. The WordPress Checkout Files Upload for WooCommerce plugin...

7.2CVSS6.2AI score0.00112EPSS

Exploits0References1

RedhatCVE•added 2025/11/19 10:23 a.m.•1 views

CVE-2025-4212

The Checkout Files Upload for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.2AI score0.00112EPSS

Exploits0References1

EUVD•added 2025/11/18 12:30 p.m.•1 views

EUVD-2025-197970

7.2CVSS4.8AI score0.00112EPSS

Exploits0References3

CNNVD•added 2025/11/18 12:0 a.m.•1 views

WordPress plugin Checkout Files Upload for WooCommerce 跨站脚本漏洞

7.2CVSS5.8AI score0.00112EPSS

Exploits0References2

Positive Technologies•added 2025/11/18 12:0 a.m.•3 views

PT-2025-47288

Name of the Vulnerable Software and Affected Versions Checkout Files Upload for WooCommerce plugin for WordPress versions up to and including 2.2.1 Description The plugin is susceptible to Stored Cross-Site Scripting through file uploads. Insufficient input sanitization and output escaping allow...

7.2CVSS5.6AI score0.00112EPSS

Exploits0References5

Patchstack•added 2025/11/17 11:28 p.m.•4 views

WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by Milinxee in WordPress Plugin Checkout Files Upload for WooCommerce versions = 2.2.1...

7.2CVSS5.7AI score0.00112EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/04/25 10:59 p.m.•8 views

CVE-2025-39520

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Stored XSS.This issue affects Checkout Files Upload for WooCommerce: from n/a through = 2.2.0...

6.5CVSS7.2AI score0.00532EPSS

Exploits0References1

CVE•added 2025/04/16 12:45 p.m.•41 views

CVE-2025-39520

CVE-2025-39520 is a stored XSS in the WordPress plugin “Checkout Files Upload for WooCommerce” (WP Wham Checkout Files Upload for WooCommerce) affecting versions up to 2.2.0. Root cause: improper input neutralization during web page generation. Impact: stored XSS could allow an attacker to inject...

6.5CVSS7.2AI score0.00532EPSS

Exploits0References1

Cvelist•added 2025/04/16 12:45 p.m.•18 views

CVE-2025-39520 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability

6.5CVSS0.00532EPSS

Exploits0References1

CNNVD•added 2025/04/16 12:0 a.m.•1 views

WordPress plugin Checkout Files Upload for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS6.8AI score0.00532EPSS

Exploits0References1

Positive Technologies•added 2022/11/21 12:0 a.m.•4 views

PT-2022-24034 · WordPress · Booster Elite For Woocommerce +2

Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce WordPress plugin versions prior to 5.6.7 Booster Plus for WooCommerce WordPress plugin versions prior to 5.6.5 Booster Elite for WooCommerce WordPress plugin versions prior to 1.1.7 Description: The issue allows...

8.1CVSS7.9AI score0.00163EPSS

Exploits2References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by