EUVD-2026-39714

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce = 7.1.1 versions...

EUVD-2026-39715

Unauthenticated Broken Access Control in Subscriptions for WooCommerce = 1.9.5 versions...

EUVD-2026-37643

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

CVE-2026-49065

Unauthenticated Broken Access Control in Hippoo Mobile App for WooCommerce = 1.9.5 versions...

CVE-2025-23903

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in woofx Local Shipping Labels for WooCommerce local-shipping-labels-for-woocommerce allows Reflected XSS.This issue affects Local Shipping Labels for WooCommerce: from n/a through = 1.0.0...

EUVD-2022-28896

Malicious code in bioql PyPI...

EUVD-2024-35482

Malicious code in bioql PyPI...

WordPress plugin CashBill.pl – Płatności WooCommerce 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. WordPress...

CVE-2025-54713

Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager for WooCommerce: from n/a through = 1.3.0...

PT-2025-25671 · Rapyd · Rapyd Payment Extension For Woocommerce

Name of the Vulnerable Software and Affected Versions: Rapyd Payment Extension for WooCommerce versions 1.2.0 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection. This can potentially be exploited, although specific details about the...

CVE-2025-24767

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Blind SQL Injection.This issue affects TicketBAI Facturas para WooCommerce: from n/a through = 3.19...

CVE-2025-47608

CVE-2025-47608 affects the WordPress plugin Recover abandoned cart for WooCommerce (versions n/a through 2.5). A SQL Injection flaw stems from improper neutralization of special elements, allowing an attacker to execute malicious SQL queries and potentially access sensitive data or alter behavior...

CVE-2025-31397

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce scw-bus-seat-reservation allows SQL Injection.This issue affects Bus Ticket Booking with Seat Reservation for WooCommerce: from n/a...

CVE-2024-32524

Missing Authorization vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2...

CVE-2023-39159

Cross-Site Request Forgery CSRF vulnerability in theDotstore Fraud Prevention For Woocommerce plugin = 2.1.5 versions...

CVE-2022-45376

Cross-Site Request Forgery CSRF vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...

PT-2025-22672 · Unknown · Techspawn Whatscart

Name of the Vulnerable Software and Affected Versions: Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce versions 1.1.0 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of specia...

CVE-2025-48268

Missing Authorization vulnerability in Guru Team Bot for Telegram on WooCommerce bot-for-telegram-on-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bot for Telegram on WooCommerce: from n/a through = 1.2.6...

CVE-2025-47451

Cross-Site Request Forgery CSRF vulnerability in silverplugins217 Product Quantity Dropdown For Woocommerce product-quantity-dropdown-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Quantity Dropdown For Woocommerce: from n/a through = 1.2...

CVE-2025-32535

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in digireturn DN Shipping by Weight for WooCommerce dn-shipping-by-weight allows Reflected XSS.This issue affects DN Shipping by Weight for WooCommerce: from n/a through = 1.2...