647 matches found

CVE
added 12 hours ago | 9 views

CVE-2026-11778

The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...

5.4 CVSS | 6.3 AI score
Exploits: 0 | References: 4

Nuclei
added 17 hours ago | 46 views

WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection

WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8 CVSS | 7.3 AI score | 0.0666 EPSS
Exploits: 2 | References: 5

NVD
added yesterday | 6 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3 CVSS
Exploits: 0 | References: 1

Cvelist
added yesterday | 25 views

CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in NOWPayments for WooCommerce <= 1.4.0 versions...

7.5 CVSS
Exploits: 0 | References: 1

CVE
added 4 days ago | 9 views

CVE-2026-57340

CVE-2026-57340 describes an Unauthenticated Broken Access Control vulnerability in the WordPress plugin Japanized For WooCommerce versions up to 2.9.12. The metric indicates a CVSS v3.1 base score of 6.5 (Medium) with attack vector Network, attack complexity Low, privileges required None, use...

6.5 CVSS | 5.8 AI score | 0.00196 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 4 days ago | 6 views

CVE-2026-57340

Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions...

6.5 CVSS | 5.8 AI score | 0.00196 EPSS
Exploits: 0 | References: 2

NVD
added 2026/06/26 3:16 p.m. | 4 views

CVE-2026-56027

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9 CVSS | 0.00328 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 2:52 p.m. | 35 views

CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions...

6.5 CVSS | 0.00242 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/06/26 2:52 p.m. | 4 views

EUVD-2026-39690

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9 CVSS | 5.8 AI score | 0.00328 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 2:52 p.m. | 31 views

CVE-2026-56025 WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions...

7.5 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/25 1:34 p.m. | 10 views

CVE-2026-56050

CVE-2026-56050 affects the WordPress PPOM for WooCommerce plugin (Themeisle) up to version 33.0.18. The issue is described as an Improper Access Control vulnerability, arising from incorrectly configured access control security levels within the PPOM for WooCommerce feature set. The available doc...

6.5 CVSS | 5.8 AI score | 0.00196 EPSS
Exploits: 0 | References: 1

Patchstack
added 2026/06/25 1:4 p.m. | 4 views

WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin Subscriptions for WooCommerce versions <= 1.9.5...

7.5 CVSS | 5.8 AI score | 0.00246 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/19 9:4 a.m. | 5 views

WordPress Paymob for WooCommerce plugin <= 4.1.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Sajjad Haqi in WordPress Plugin Paymob for WooCommerce versions <= 4.1.3...

7.5 CVSS | 5.8 AI score | 0.00238 EPSS
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/06/17 4:45 p.m. | 6 views

WordPress Advanced Order Export For WooCommerce plugin <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection vulnerability

Authenticated (Shop Manager+) SQL Injection vulnerability discovered by Yaswanth Reddy Sunkara in WordPress Plugin Advanced Order Export For WooCommerce versions <= 4.0.10...

4.9 CVSS | 5.9 AI score | 0.00369 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2026/06/15 9:17 p.m. | 6 views

CVE-2026-48873

Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...

7.5 CVSS | 0.00238 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:18 p.m. | 15 views

CVE-2026-40741

CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...

7.5 CVSS | 5.1 AI score | 0.00246 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/15 8:17 p.m. | 18 views

CVE-2026-39499

The connected PatchStack entry documents a PHP Object Injection vulnerability in the WordPress plugin “Advanced Product Fields (Product Addons) for WooCommerce” (versions

7.2 CVSS | 5.3 AI score | 0.00446 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/06/15 8:17 p.m. | 28 views

CVE-2026-39441 WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions...

9.3 CVSS | 0.00283 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:51 p.m. | 8 views

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5 CVSS | 5.5 AI score | 0.00404 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:35 p.m. | 9 views

CVE-2026-49059

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...

4.7 CVSS | 5.4 AI score | 0.00231 EPSS
Exploits: 0 | References: 1