Lucene search
K

3501 matches found

NVD
NVD
added yesterday4 views

CVE-2026-57773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57404

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...

6.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57400

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57402

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...

6.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-61958

CVE-2026-61958 concerns the WordPress plugin “License Manager for WooCommerce” (license-manager-for-woocommerce) versions up to 3.0.17. The issue is a Missing Authorization vulnerability that allows exploitation through incorrectly configured access control, enabling arbitrary content deletion wi...

5.4CVSS6.1AI score0.00287EPSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-57810

CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...

8.5CVSS6.1AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS0.00332EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...

6.5CVSS0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2026-57402 WordPress Flexible Refund and Return Order for WooCommerce plugin <= 1.0.51 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...

6.5CVSS0.00224EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57419

CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...

6.5CVSS6.1AI score0.00299EPSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-57400

The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-57424

CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57402

CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

6.5CVSS6.1AI score0.00224EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00356EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-57390

The CVE concerns the WordPress plugin “Extra Product Options Builder for WooCommerce” (also listed as additional-product-fields-for-woocommerce). A Missing Authorization/Broken Access Control vulnerability affects the plugin in versions up to and including 1.2.167, enabling exploitation due to in...

6.5CVSS6.1AI score0.00332EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday20 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

7.5CVSS6.1AI score0.01473EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday31 views

WordPress OrderConvo < 14 - Path Traversal

WooCommerce OrderConvo WordPress plugin \u003C 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely id: CVE-2025-10162 info: name: WordPress OrderConvo 14 - Path Traversal autho...

7.5CVSS6.2AI score0.03632EPSS
Exploits4References3
Rows per page
Query Builder