3463 matches found
CVE-2026-11364
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11364 Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-11364
The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...
CVE-2026-56010
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...
CVE-2026-56029
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-57637
CVE-2026-57637 applies to the WordPress Abandoned Cart Lite for WooCommerce plugin (versions
CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...
CVE-2026-57632
CVE-2026-57632 affects the WordPress plugin “Email Marketing for WooCommerce by Omnisend” up to version 1.19.0. The vulnerability is described as a Broken Access Control issue in the subscriber flow, with the affected component being the Omnisend for WooCommerce integration. Connected documents c...
CVE-2026-56060 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability
Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...
CVE-2026-56061 WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...
CVE-2026-56061
CVE-2026-56061 concerns the WordPress Subscriptions for WooCommerce plugin, affected versions
CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...
CVE-2026-56027
This CVE pertains to the WordPress Booster for WooCommerce plugin. The affected component is Booster for WooCommerce
EUVD-2025-210347
The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...
CVE-2025-10268
The CVE-2025-10268 entry concerns the Printcart Web to Print Product Designer for WooCommerce WordPress plugin up to version 2.4.8. The vulnerability is a path traversal flaw that allows an attacker to retrieve directory listings for arbitrary server directories. Affected component: the plugin’s ...
EUVD-2026-39398
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability
Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...
CVE-2026-54848
WordPress plugin APIExperts Square for WooCommerce, version
EUVD-2026-39393
Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...
CVE-2026-56042
The CVE-2026-56042 entry concerns the WordPress plugin “Advanced Order Export For WooCommerce” (WooCommerce) with versions