
3405 matches found

Cvelist
added 2 hours ago, 4 views

CVE-2026-56050 WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18...

CVSS 6.5
Exploits: 0 | References: 1

EUVD
added 2 hours ago, 2 views

EUVD-2026-39393

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3...

CVSS 8.3
Exploits: 0 | References: 1

CVE
added 2 hours ago, 13 views

CVE-2026-54848

WordPress plugin APIExperts Square for WooCommerce, version

CVSS 8.3 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2 hours ago, 3 views

CVE-2026-56042

The CVE-2026-56042 entry concerns the WordPress plugin “Advanced Order Export For WooCommerce” (WooCommerce) with versions

CVSS 7.1 | AI score 5.8
Exploits: 0 | References: 1

Cvelist
added 2 hours ago, 3 views

CVE-2026-56042 WordPress Advanced Order Export For WooCommerce plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability

Customer Cross Site Scripting XSS in Advanced Order Export For WooCommerce <= 4.0.9 versions...

CVSS 7.1
Exploits: 0 | References: 1

CVE
added 2 hours ago, 7 views

CVE-2026-56013

The CVE describes an unauthenticated Insecure Direct Object References (IDOR) in the WordPress License Manager for WooCommerce plugin, affected versions up to 3.0.15. The vulnerability stems from insecure direct object references that could allow unauthenticated access to license data. Connected ...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2 hours ago, 9 views

CVE-2026-54849

CVE-2026-54849 concerns WordPress Premmerce Wishlist for WooCommerce plugin versions <= 1.1.11, with unauthenticated SQL injection vulnerability. The connected records confirm the affected software (Premmerce Wishlist for WooCommerce), the vulnerable component (the plugin’s request handling le...

CVSS 9.3 | AI score 5.9
Exploits: 0 | References: 1

Cvelist
added 2 hours ago, 3 views

CVE-2026-54849 WordPress Premmerce Wishlist for WooCommerce plugin <= 1.1.11 - SQL Injection vulnerability

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions...

CVSS 9.3
Exploits: 0 | References: 1

Nuclei
added 10 hours ago, 10 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin <= 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

CVSS 9.8 | AI score 5.8 | EPSS 0.02841
Exploits: 0 | References: 2

Nuclei
added 10 hours ago, 13 views

Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update

YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 contains a broken access control caused by improper permission checks in &yikes-the-content-toggle option update, letting attackers modify content without authorization. id: CVE-2022-28666 info: name: Custom Product Tabs for...

CVSS 5.3 | AI score 6 | EPSS 0.01184
Exploits: 1 | References: 1

Nuclei
added 10 hours ago, 16 views

WCAPF WooCommerce Ajax Product Filter - SQL Injection

WCAPF WooCommerce Ajax Product Filter = 4.2.3 contains a time-based SQL injection caused by insufficient escaping of the 'post-author' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-3396 info: name: WCAPF WooCommerce Ajax Product Filter ...

CVSS 7.5 | AI score 5.9 | EPSS 0.01473
Exploits: 0 | References: 2

Nuclei
added 10 hours ago, 11 views

WordPress OrderConvo < 14 - Path Traversal

WooCommerce OrderConvo WordPress plugin < 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely. id: CVE-2025-10162 info: name: WordPress OrderConvo < 14 - Path Traversal autho...

CVSS 7.5 | AI score 6 | EPSS 0.03656
Exploits: 4 | References: 3

EUVD
added yesterday, 6 views

EUVD-2026-38686

The WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the yapacdev_generate_order_pdf. This makes it possible for unauthenticated attackers to extract sensitive customer PII and order...

CVSS 5.3 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 7

CVE
added yesterday, 8 views

CVE-2026-9612

The CVE-2026-9612 entry concerns the WhatsOrder – Instant Checkout for WooCommerce plugin for WordPress. Affects versions up to 1.0.1 and is caused by the yapacdev_generate_order_pdf function, which exposes sensitive customer PII and order details. Attack flow: an unauthenticated user can enumera...

CVSS 5.3 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 7

EUVD
added yesterday, 7 views

EUVD-2026-38683

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notab...

CVSS 6.4 | AI score 6 | EPSS 0.00193
Exploits: 0 | References: 4

Cvelist
added yesterday, 25 views

CVE-2026-8865 Avalon23 Products Filter for WooCommerce <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Avalon23 Products Filter for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'avalon23qr' shortcode in all versions up to, and including, 1.1.6. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notab...

CVSS 6.4 | EPSS 0.00193
Exploits: 0 | References: 4

Patchstack
added 2 days ago, 5 views

WordPress Avalon23 Products Filter for WooCommerce plugin <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Avalon23 Products Filter for WooCommerce versions <= 1.1.6...

CVSS 6.4 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 3 days ago, 8 views

CVE-2026-4110

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 | EPSS 0.00152
Exploits: 0 | References: 1

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-4259

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits: 0 | References: 1

Patchstack
added 6 days ago, 7 views

WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by dodoh4t in WordPress Plugin License Manager for WooCommerce versions <= 3.0.15...

CVSS 6.5 | AI score 5.8
Exploits: 0 | Affected Software: 1