
19 matches found

Positive Technologies
added 2026/05/12 12:0 a.m. | 6 views

PT-2026-40011

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection. This issue affects APIExperts Square for WooCommerce: from n/a through <= 4.7.1...

CVSS 8.5 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2
Patchstack
added 2026/01/12 10:10 a.m. | 11 views

WordPress WooCommerce Square plugin <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability

Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure vulnerability discovered by DityaRA in WordPress Plugin WooCommerce Square versions <= 5.1.1...

CVSS 7.5 | AI score 6.9 | EPSS 0.00059
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2026/01/10 4:15 a.m. | 3 views

CVE-2025-13457

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

CVSS 7.5 | EPSS 0.00059
Exploits: 0 | References: 2
CVE
added 2026/01/10 3:21 a.m. | 21 views

CVE-2025-13457

CVE-2025-13457 affects the WooCommerce Square plugin for WordPress (versions up to 5.1.1). The vulnerability is an Insecure Direct Object Reference in the get_token_by_id function due to missing validation on a user-controlled key, enabling unauthenticated attackers to exfiltrate arbitrary Square...

CVSS 7.5 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/10 3:21 a.m. | 1 views

CVE-2025-13457 WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

CVSS 7.5 | AI score 5.7 | EPSS 0.00059
Exploits: 0 | References: 2
Cvelist
added 2026/01/10 3:21 a.m. | 22 views

CVE-2025-13457 WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

CVSS 7.5 | EPSS 0.00059
Exploits: 0 | References: 2
EUVD
added 2026/01/10 3:21 a.m. | 2 views

EUVD-2026-1860

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

CVSS 7.5 | AI score 5.5 | EPSS 0.00059
Exploits: 0 | References: 3
CNNVD
added 2026/01/10 12:0 a.m. | 2 views

WordPress plugin WooCommerce Square security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 7.5 | AI score 6.4 | EPSS 0.00059
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/10 12:0 a.m. | 1 views

PT-2026-1703

Name of the Vulnerable Software and Affected Versions WooCommerce Square versions prior to 5.1.2 Description The WooCommerce Square plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the get token b...

CVSS 7.5 | AI score 6.5 | EPSS 0.00059
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-39869

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.7 | EPSS 0.00092
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:34 a.m. | 1 views

CVE-2023-35876

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 8.1 | AI score 8.2 | EPSS 0.00092
Exploits: 0 | References: 1
OSV
added 2023/12/20 3:15 p.m. | 0 views

CVE-2023-35876

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 8.1 | AI score 7.3
Exploits: 0 | References: 1
NVD
added 2023/12/20 3:15 p.m. | 9 views

CVE-2023-35876

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 8.1 | EPSS 0.00092
Exploits: 0 | References: 1
Prion
added 2023/12/20 3:15 p.m. | 13 views

Authorization

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 5.5 | AI score 7.2 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2023/12/20 2:42 p.m. | 43 views

CVE-2023-35876

CVE-2023-35876 affects the WordPress plugin WooCommerce Square, specifically versions

CVSS 8.1 | AI score 8.2 | EPSS 0.00092
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2023/12/20 2:42 p.m. | 14 views

CVE-2023-35876 WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 8.1 | AI score 8.3 | EPSS 0.00092
Exploits: 0 | References: 1
Positive Technologies
added 2023/12/20 12:0 a.m. | 1 views

PT-2023-25355 · Unknown · Woocommerce Square

Name of the Vulnerable Software and Affected Versions: WooCommerce Square versions 3.8.1 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 3.8.1 and...

CVSS 8.1 | AI score 8.2 | EPSS 0.00092
Exploits: 0 | References: 3
CNNVD
added 2023/12/20 12:0 a.m. | 1 views

WordPress Plugin WooCommerce Square Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.1 | AI score 6.6 | EPSS 0.00092
Exploits: 0 | References: 3
Patchstack
added 2023/06/19 12:0 a.m. | 4 views

WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR)

Software WooCommerce Square Type Plugin Vulnerable versions <= 3.8.1 Fixed in 3.8.2 OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-35876 Patch priority Low CVSS severity Low 8.1 Developer Claim ownership PSID 8d6b886c011e Credits Rafie...

CVSS 8.1 | AI score 6.5 | EPSS 0.00092
Exploits: 0 | References: 2 | Affected Software: 1