25 matches found
CVE-2025-23903
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS. This issue affects Local Shipping Labels for WooCommerce: from n/a through <= 1.0.0...
EUVD-2024-35482
Malicious code in bioql PyPI...
EUVD-2022-28896
Malicious code in bioql PyPI...
WordPress plugin CashBill.pl – Płatności WooCommerce Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. WordPress...
CVE-2025-54713
Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse. This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.3.0...
PT-2025-25671 · Rapyd · Rapyd Payment Extension For Woocommerce
Name of the Vulnerable Software and Affected Versions: Rapyd Payment Extension for WooCommerce versions 1.2.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially be exploited, although specific details about the...
CVE-2025-24767
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection. This issue affects TicketBAI Facturas para WooCommerce: from n/a through <= 3.19...
CVE-2025-47608
CVE-2025-47608 affects the WordPress plugin Recover abandoned cart for WooCommerce (versions n/a through 2.5). A SQL Injection flaw stems from improper neutralization of special elements, allowing an attacker to execute malicious SQL queries and potentially access sensitive data or alter behavior...
CVE-2025-31397
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a...
CVE-2024-32524
Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2...
CVE-2023-39159
Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions...
CVE-2022-45376
Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...
PT-2025-22672 · Unknown · Techspawn Whatscart
Name of the Vulnerable Software and Affected Versions: Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce versions 1.1.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of specia...
CVE-2025-48268
Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Bot for Telegram on WooCommerce: from n/a through <= 1.2.6...
CVE-2025-47451
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery. This issue affects Product Quantity Dropdown For Woocommerce: from n/a through <= 1.2...
CVE-2025-32535
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in digireturn DN Shipping by Weight for WooCommerce dn-shipping-by-weight allows Reflected XSS. This issue affects DN Shipping by Weight for WooCommerce: from n/a through <= 1.2...
CVE-2025-32209
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway totalprocessing-card-payments allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through <= 7.1.5...
CVE-2025-31089 WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fahad Mahmood Order Splitter for WooCommerce woo-order-splitter allows SQL Injection. This issue affects Order Splitter for WooCommerce: from n/a through <= 5.3.0...
WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Build Private Store For Woocommerce versions <= 1.0...
WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability
Unauthenticated Arbitrary Shortcode Execution via woot_get_smth vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Active Products Tables for WooCommerce versions <= 1.0.6.5...