3506 matches found
CVE-2026-49065
The CVE applies to WordPress Hippoo Mobile App for WooCommerce plugin versions
CVE-2026-49061
CVE-2026-49061 : Unauthenticated arbitrary file download in the WordPress plugin WPC Product Options for WooCommerce (versions
CVE-2026-48873
CVE-2026-48873 affects the WordPress plugin Montonio for WooCommerce (versions ≤ 10.1.2). The issue is Unauthenticated Broken Access Control in this plugin, allowing unauthenticated access to protected functionality (impact: high integrity impact; confidentiality/availability not affected per the...
CVE-2026-48873 WordPress Montonio for WooCommerce plugin <= 10.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Montonio for WooCommerce = 10.1.2 versions...
CVE-2026-42668 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.18.0 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...
CVE-2026-42386 WordPress Order Delivery Date for WooCommerce plugin <= 4.5.1 - SQL Injection vulnerability
Unauthenticated SQL Injection in Order Delivery Date for WooCommerce = 4.5.1 versions...
CVE-2026-40741
CVE-2026-40741 affects the WordPress plugin Redsys for WooCommerce Light up to version 7.0.0, exposing an unauthenticated broken access control vulnerability. The CVE entry notes unauthenticated access with high impact on integrity (CVSSv3.1: 7.5, I: High; A: None; C: None; V: Network, PR: None, ...
CVE-2026-39540
CVE-2026-39540 concerns WordPress plugin Shipment Tracker for Woocommerce (versions up to and including 1.5.3.2). The vulnerability is a Cross Site Scripting (XSS) issue in subscriber-facing context. Public sources indicate a CVSSv3.1 base score of 6.5 (Medium) with network attack vector, low att...
CVE-2026-39540 WordPress Shipment Tracker for Woocommerce plugin <= 1.5.3.2 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in Shipment Tracker for Woocommerce = 1.5.3.2 versions...
CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...
CVE-2026-39470
CVE-2026-39470 affects the WordPress plugin WooCommerce Cart Abandonment Recovery, specifically versions earlier than 2.1.0. The issue is a Privilege Escalation that allows a shop manager to gain higher privileges. The reported impact is Confidentiality, Integrity, and Availability at high severi...
CVE-2026-39441
CVE-2026-39441 affects the WordPress plugin Feed KuantoKusta for WooCommerce – Free, version
CVE-2026-34891 WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce = 2.2.5 versions...
CVE-2026-52704
The vulnerability CVE-2026-52704 affects the WordPress WooCommerce PDF Invoice Builder plugin (
PT-2026-49459
Unauthenticated Broken Authentication in Email Marketing for WooCommerce by Omnisend = 1.18.0 versions...
PT-2026-49365
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce = 1.5.3 versions...
Exploit for CVE-2026-49777
CVE-2026-49777 CVE-2026-49777 - ShapedPlugin Product Slider Pr...
CVE-2026-49060 WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile App for WooCommerce: from n/a through 1.9.4...
CVE-2026-49060
The CVE-2026-49060 entry concerns the WordPress plugin Hippoo Mobile App for WooCommerce. Affected: Hippoo Mobile App for WooCommerce plugin versions up to 1.9.4. Issue: Incorrect Privilege Assignment leading to Privilege Escalation. Impact: high risk across confidentiality, integrity, and availa...
WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability
Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...