WordPress UpsellWP plugin <= 2.2.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin UpsellWP versions = 2.2.4...

CVE-2026-25419 WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through = 2.2.3...

CVE-2026-25419

CVE-2026-25419 is a Missing Authorization vulnerability described as Broken Access Control in the UpsellWP plugin (checkout-upsell-and-order-bumps). Affected software: UpsellWP for WordPress, version range from n/a through 2.2.5 (per initial doc); Red Hat entry and PatchStack reference reiterate ...

WordPress UpsellWP plugin <= 2.2.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Rapid0nion in WordPress Plugin UpsellWP versions = 2.2.3...