Lucene search
+L

3529 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-15306

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS0.00215EPSS
Exploits0References6
NVD
NVD
added 3 days ago10 views

CVE-2026-12753

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

7.5CVSS0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago40 views

CVE-2026-15306 Product Feed Manager For WooCommerce <= 7.6.1 - Reflected Cross-Site Scripting via 's' Search Parameter

The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...

6.1CVSS0.00215EPSS
Exploits0References6
CVE
CVE
added 3 days ago10 views

CVE-2026-12753

The CVE-2026-12753 entry concerns the WordPress plugin “Advance Product Search- Voice & Ajax Search for WooCommerce” and its insecure handling of user input in the parameters 's' and 'match'. Affected versions are up to and including 1.4.4. The root cause is insufficient escaping and lack of prop...

7.5CVSS6.1AI score0.00304EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-12753 Advance Product Search- Voice & Ajax Search for WooCommerce <= 1.4.4 - Unauthenticated SQL Injection via 's' and 'match' Parameter

The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...

7.5CVSS0.00304EPSS
Exploits0References5
NVD
NVD
added 6 days ago4 views

CVE-2026-57773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...

7.6CVSS0.00372EPSS
Exploits0References1
NVD
NVD
added 6 days ago3 views

CVE-2026-57404

Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 6 days ago3 views

CVE-2026-57400

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-57402

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-57810

CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...

8.5CVSS6.1AI score0.00211EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-61958

CVE-2026-61958 concerns the WordPress plugin “License Manager for WooCommerce” (license-manager-for-woocommerce) versions up to 3.0.17. The issue is a Missing Authorization vulnerability that allows exploitation through incorrectly configured access control, enabling arbitrary content deletion wi...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-57419

CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...

6.5CVSS6.1AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 6 days ago7 views

CVE-2026-57402

CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions

6.5CVSS6.1AI score0.00161EPSS
Exploits0References1
CVE
CVE
added 6 days ago5 views

CVE-2026-57400

The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-57424

CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-57409

The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...

6.5CVSS0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago26 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...

6.5CVSS0.00242EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...

6.5CVSS0.00252EPSS
Exploits0References1
Rows per page
Query Builder