254 matches found
WordPress Product Addons & Fields for WooCommerce < 32.0.7 - Cross-Site Scripting
The Product Addons & Fields for WooCommerce WordPress plugin before version 32.0.7 contains a reflected cross-site scripting vulnerability. The plugin does not properly sanitize and escape some URL parameters in the admin panel, which could allow attackers to execute arbitrary JavaScript code in ...
CVE-2026-40725 WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions...
CVE-2026-40725
CVE-2026-40725 affects the WordPress WooCommerce Product Filters plugin (versions
CVE-2026-49061
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...
CVE-2026-48883
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
CVE-2026-34902
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions...
CVE-2026-34902
CVE-2026-34902 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress plugin “WooCommerce Product Table Lite” up to version 4.6.3. The issue affects the plugin’s handling of input in the product table rendering, enabling XSS payloads to be executed in contexts wher...
CVE-2026-34902 WordPress WooCommerce Product Table Lite plugin <= 4.6.3 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions...
PT-2026-49488
Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...
WordPress WooCommerce Product Filters plugin < 2.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WooCommerce Product Filters versions < 2.0.6...
CVE-2026-3830 Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi
The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...
CVE-2026-3396
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-1672
The BEAR – Bulk Editor and Products Manager Professional for WordPress (Pluginus.Net) is affected by a Cross-Site Request Forgery in all versions up to 1.1.5. The root cause is missing nonce validation on the woobe_redraw_table_row() function, enabling unauthenticated attackers to modify WooComme...
CVE-2026-25328
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal. This issue affects Product File Upload for WooCommerce: from n/a through = 2.2.4...
CVE-2026-31921
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Rearrange for WooCommerce: from n/a through = 1.2.2...
CVE-2025-10679
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More WordPress plugin (up to v2.2.12) is vulnerable due to insufficient input validation in the bulkTenReviews function, allowing user-controlled data to be passed to a variable function call ...
CVE-2026-32406
Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...
PT-2026-21159
Name of the Vulnerable Software and Affected Versions: XforWooCommerce Product Filter for WooCommerce versions through 9.1.2. Description: A privilege assignment issue exists in XforWooCommerce Product Filter for WooCommerce prdctfltr. This allows for privilege escalation. Recommendations: Update...
CVE-2025-12975
The CVE-2025-12975 entry concerns CTX Feed – WooCommerce Product Feed Manager for WordPress (
WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Ryviu Product Reviews for WooCommerce versions <= 3.1.26...