25 matches found
CVE-2025-11993
The WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8 via the 'settings' parameter in the 'importsettings' function. This is due to deserialization of untrusted data supplied via the import...
CVE-2026-39671
CVE-2026-39671 describes a Cross-Site Request Forgery (CSRF) vulnerability in the Dotstore Extra Fees Plugin for WooCommerce (woo-conditional-product-fees-for-checkout), affecting versions from n/a through 4.3.3. The connected sources consistently identify CSRF as the issue, with no additional te...
CVE-2026-25396 WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Commerce Coinbase For WooCommerce: from n/a through <= 1.6.6...
CVE-2026-24606
CVE-2026-24606 is a Missing Authorization (Broken Access Control) vulnerability in Bayarcash WooCommerce (bayarcash-wc) up to and including version 4.3.11 (and patched up to 4.3.12 per Patchstack). Exploitation relies on incorrectly configured access control security levels. Affected product: Bay...
CVE-2025-62096 WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Maximum Products per User for WooCommerce maximum-products-per-user-for-woocommerce allows Stored XSS. This issue affects Maximum Products per User for WooCommerce: from n/a through <= 4.4....
WordPress WooCommerce HSS Extension for Streaming Video plugin <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter vulnerability
Reflected Cross-Site Scripting via videolink Parameter vulnerability discovered by vgo0 in WordPress Plugin WooCommerce HSS Extension for Streaming Video versions <= 3.31...
WordPress Email Verification for WooCommerce plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Email Verification for WooCommerce versions <= 3.0.2...
CVE-2025-66071
Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0...
CVE-2025-64200
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS. This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17...
CVE-2025-58656 WordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure Vulnerability
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce estonian-shipping-methods-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through <= 1.7.2...
CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through <= 1.2.0...
CVE-2025-24373
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...
CVE-2025-24373 Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips
woocommerce-pdf-invoices-packing-slips is an extension which allows users to create, print & automatically email PDF invoices & packing slips for WooCommerce orders. This vulnerability allows unauthorized users to access any PDF document from a store if they: 1. Have access to a guest document li...
WordPress plugin Taxi Booking Manager for WooCommerce Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress plugin Radio Buttons and Swatches for WooCommerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2025-22505 WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crispweb NC Wishlist for Woocommerce nc-wishlist-for-woocommerce allows SQL Injection. This issue affects NC Wishlist for Woocommerce: from n/a through <= 1.0.1...
CVE-2024-12214
CVE-2024-12214 affects the WooCommerce HSS Extension for Streaming Video (WordPress). The vulnerability is a reflected Cross-Site Scripting (Reflected XSS) via the videolink parameter in all versions up to and including 3.31, caused by insufficient input sanitization and output escaping. Exploita...
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘videolink’ parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-43312
Missing Authorization vulnerability in WPClever WPC Frequently Bought Together for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPC Frequently Bought Together for WooCommerce: from n/a through 7.1.9...
CVE-2024-29805
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShopUp Shipping with Venipak for WooCommerce allows Reflected XSS. This issue affects Shipping with Venipak for WooCommerce: from n/a through 1.19.5...