Lucene search
K

3463 matches found

NVD
NVD
added 2026/06/27 8:16 a.m.10 views

CVE-2026-11364

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS0.00213EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.30 views

CVE-2026-11364 Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS0.00213EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.8 views

CVE-2026-11364

The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due to a missing capability check and missing nonce verification in the invoke methods of the...

4.3CVSS5.9AI score0.00213EPSS
Exploits0References9
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56010

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce = 10.4.0 versions...

8.8CVSS0.00378EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56029

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57637

CVE-2026-57637 applies to the WordPress Abandoned Cart Lite for WooCommerce plugin (versions

4.3CVSS5.8AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.34 views

CVE-2026-57635 WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in FunnelKit Payment Gateway for Stripe WooCommerce = 1.14.0.3 versions...

6.5CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.17 views

CVE-2026-57632

CVE-2026-57632 affects the WordPress plugin “Email Marketing for WooCommerce by Omnisend” up to version 1.19.0. The vulnerability is described as a Broken Access Control issue in the subscriber flow, with the affected component being the Omnisend for WooCommerce integration. Connected documents c...

5.4CVSS5.8AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.35 views

CVE-2026-56060 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

7.5CVSS0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56061 WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

7.5CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.10 views

CVE-2026-56061

CVE-2026-56061 concerns the WordPress Subscriptions for WooCommerce plugin, affected versions

7.5CVSS5.8AI score0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56029 WordPress CorvusPay WooCommerce Payment Gateway plugin <= 2.7.4 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway = 2.7.4 versions...

7.5CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.22 views

CVE-2026-56027

This CVE pertains to the WordPress Booster for WooCommerce plugin. The affected component is Booster for WooCommerce

9.9CVSS5.8AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 6:0 a.m.8 views

EUVD-2025-210347

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server...

5.3CVSS5.9AI score0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 6:0 a.m.10 views

CVE-2025-10268

The CVE-2025-10268 entry concerns the Printcart Web to Print Product Designer for WooCommerce WordPress plugin up to version 2.4.8. The vulnerability is a path traversal flaw that allows an attacker to retrieve directory listings for arbitrary server directories. Affected component: the plugin’s ...

5.3CVSS5.9AI score0.00263EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:34 p.m.6 views

EUVD-2026-39398

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:34 p.m.36 views

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

6.5CVSS0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:26 p.m.21 views

CVE-2026-54848

WordPress plugin APIExperts Square for WooCommerce, version

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:26 p.m.5 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

8.3CVSS5.8AI score0.00182EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.12 views

CVE-2026-56042

The CVE-2026-56042 entry concerns the WordPress plugin “Advanced Order Export For WooCommerce” (WooCommerce) with versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder