PT-2026-27936

Name of the Vulnerable Software and Affected Versions File Uploader for WooCommerce versions through 1.0.4 Description The File Uploader for WooCommerce software contains a path traversal flaw. The issue is due to insufficient sanitization of user-supplied input, specifically allowing the use of...

PT-2026-27900

Name of the Vulnerable Software and Affected Versions Product File Upload for WooCommerce versions n/a through 2.2.4 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in Product File Upload for WooCommerce. This allows for...

CVE-2026-32457

Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields Product Addons for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Product Fields Product Addons for WooCommerce:...

CVE-2025-68023

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

CVE-2025-68023

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

CVE-2025-68025 WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability

Missing Authorization vulnerability in Addonify Addonify Floating Cart For WooCommerce addonify-floating-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify Floating Cart For WooCommerce: from n/a through = 1.2.17...

CVE-2025-68023 WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability

Missing Authorization vulnerability in Addonify Addonify – Compare Products For WooCommerce addonify-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – Compare Products For WooCommerce: from n/a through = 1.1.17...

CVE-2026-2019

The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval function. This makes it possible for authenticated...

CVE-2026-24625 WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from n/a through = 1.7.3...

CVE-2026-24625

CVE-2026-24625 describes a Missing Authorization flaw in Imaginate Solutions File Uploads Addon for WooCommerce (woo-addon-uploads) affecting versions up to and including 1.7.3. Public records from NVD/Red Hat/CVE listing confirm the issue is a broken access control vulnerability with a stated im...

CVE-2025-12358

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

EUVD-2025-200980

The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...

CVE-2025-11888 ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the postdeactive function and postactivate function in all versions up to, and including, 4.8.4...

CVE-2025-11888

The CVE-2025-11888 entry concerns the WordPress plugin ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution. Affected versions are

CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

EUVD-2024-40592

Malicious code in bioql PyPI...

EUVD-2025-6636

Malicious code in bioql PyPI...

CVE-2025-10173

Technical details about CVE-2025-10173 (ShopEngine Elementor WooCommerce Builder Addon) are not provided in the connected documents. Monitor for updates from vendors/security advisories.

CVE-2025-26553

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spring Devs Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin wc-pre-order allows Reflected XSS.This issue affects Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin:...

CVE-2024-43943

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wpsoul Greenshift Woocommerce Addon allows SQL Injection.This issue affects Greenshift Woocommerce Addon: from n/a before 1.9.8...