25 matches found
PT-2026-44035
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
WordPress Woo Commerce Minimum Weight plugin <= 3.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Woo Commerce Minimum Weight versions <= 3.0.1...
CVE-2026-39671 WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce (woo-conditional-product-fees-for-checkout) allows Cross Site Request Forgery. This issue affects Extra Fees Plugin for WooCommerce: from n/a through <= 4.3.3...
CVE-2026-32398
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Subrata Mal TeraWallet – For WooCommerce (woo-wallet) allows Leveraging Race Conditions. This issue affects TeraWallet – For WooCommerce: from n/a through <= 1.5.15...
EUVD-2026-11870
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RadiusTheme ShopBuilder – Elementor WooCommerce Builder Addons (shopbuilder) allows Retrieve Embedded Sensitive Data. This issue affects ShopBuilder – Elementor WooCommerce Builder Addons: from n/a through <=...
PT-2026-20766
Missing Authorization vulnerability in PI Web Solution Live sales notification for WooCommerce (live-sales-notifications-for-woocommerce) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Live sales notification for WooCommerce: from n/a through <= 2.3.46...
CVE-2026-24992
Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting (webd-woocommerce-advanced-reporting-statistics) allows Retrieve Embedded Sensitive Data. This issue affects Advanced WooCommerce Product Sales Reporting: from n/a through <= 4.1....
WordPress plugin MailerLite – WooCommerce integration; SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2025-51083
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yith quick view shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...
EUVD-2025-202082
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in alekv Pixel Manager for WooCommerce (woocommerce-google-adwords-conversion-tracking-tag) allows Retrieve Embedded Sensitive Data. This issue affects Pixel Manager for WooCommerce: from n/a through <= 1.51.1...
CVE-2025-67542 WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SilkyPress Multi-Step Checkout for WooCommerce (wp-multi-step-checkout) allows DOM-Based XSS. This issue affects Multi-Step Checkout for WooCommerce: from n/a through <= 2.33...
EUVD-2025-30484
Malicious code in bioql PyPI...
PT-2025-22746 · Woocommerce · Subaccounts For Woocommerce
Name of the Vulnerable Software and Affected Versions: Subaccounts for WooCommerce versions 1.6.6 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing Authentication Abuse. Recommendations: For Subaccounts for WooCommerce versions...
WordPress plugin Conditional Shipping for WooCommerce cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin ChillPay WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
PT-2025-14834 · Woocommerce · Booster For Woocommerce
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce plugin for WordPress versions 4.0.1 through 7.2.4 Description: The issue is related to arbitrary file uploads due to missing file type validation in the validate product input fields on add to cart function. This allow...
WordPress Wallet System for WooCommerce plugin <= 2.6.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Tim Coen in WordPress Plugin Wallet System for WooCommerce versions <= 2.6.2...
WordPress Custom Product Tabs For WooCommerce plugin <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection vulnerability
Authenticated (Shop Manager+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Product Tabs For WooCommerce versions <= 1.2.4...
WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Ni WooCommerce Cost Of Goods versions <= 3.2.8...
CVE-2024-50448
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1...