3529 matches found
CVE-2026-15306
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-12753
The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
CVE-2026-15306 Product Feed Manager For WooCommerce <= 7.6.1 - Reflected Cross-Site Scripting via 's' Search Parameter
The Product Feed Manager For WooCommerce – Sell on 200+ Online Marketplaces plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 's' Search Parameter in all versions up to, and including, 7.6.1 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-12753
The CVE-2026-12753 entry concerns the WordPress plugin “Advance Product Search- Voice & Ajax Search for WooCommerce” and its insecure handling of user input in the parameters 's' and 'match'. Affected versions are up to and including 1.4.4. The root cause is insufficient escaping and lack of prop...
CVE-2026-12753 Advance Product Search- Voice & Ajax Search for WooCommerce <= 1.4.4 - Unauthenticated SQL Injection via 's' and 'match' Parameter
The Advance Product Search- Voice & Ajax Search for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 's' and 'match' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation ...
CVE-2026-57773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Zorem Advanced Shipment Tracking for WooCommerce woo-advanced-shipment-tracking allows Blind SQL Injection.This issue affects Advanced Shipment Tracking for WooCommerce: from n/a through = 4.0...
CVE-2026-57404
Missing Authorization vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking and Rental Manager: from n/a through = 2.6.9...
CVE-2026-57400
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57402
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdesk Flexible Refund and Return Order for WooCommerce flexible-refund-and-return-order-for-woocommerce allows Stored XSS.This issue affects Flexible Refund and Return Order for WooCommerce: from...
CVE-2026-57810
CVE-2026-57810 describes a SQL injection in the WordPress plugin APIExperts Square for WooCommerce (woosquare), affecting versions up to and including 4.7.4. The vulnerability is characterized as blind SQL injection due to improper neutralization of special elements in SQL queries. The provided d...
CVE-2026-61958
CVE-2026-61958 concerns the WordPress plugin “License Manager for WooCommerce” (license-manager-for-woocommerce) versions up to 3.0.17. The issue is a Missing Authorization vulnerability that allows exploitation through incorrectly configured access control, enabling arbitrary content deletion wi...
CVE-2026-57419
CVE-2026-57419 concerns the WordPress plugin Stock Locations for WooCommerce (versions up to and including 3.1.8). The vulnerability is described as a Missing Authorization / Broken Access Control issue, arising from incorrectly configured access control security levels. The CVE notes that this a...
CVE-2026-57402
CVE-2026-57402 concerns the WordPress plugin Flexible Refund and Return Order for WooCommerce (versions
CVE-2026-57400
The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...
CVE-2026-57424
CVE-2026-57424 affects the WordPress plugin Razorpay Payment Links for WooCommerce (rzp-woocommerce). Multiple sources describe a Missing Authorization / Broken Access Control vulnerability in versions up to and including 2.1.4, allowing exploitation of improperly configured access control. Conne...
CVE-2026-57409
The CVE describes a DOM-based Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Profit Products Tables for WooCommerce” (Active Products Tables for WooCommerce) by RealMag777, affecting versions up to and including 1.1.0. The issue arises from improper neutralization of input duri...
CVE-2026-57414 WordPress ChatBot for eCommerce – WoowBot plugin <= 4.6.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud ChatBot for eCommerce WoowBot woowbot-woocommerce-chatbot allows Stored XSS.This issue affects ChatBot for eCommerce WoowBot: from n/a through = 4.6.1...
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57424 WordPress Razorpay Payment Links for WooCommerce plugin <= 2.1.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in knitpay Razorpay Payment Links for WooCommerce rzp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Razorpay Payment Links for WooCommerce: from n/a through = 2.1.4...
CVE-2026-57698 WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.12 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in VillaTheme Abandoned Cart Recovery for WooCommerce woo-abandoned-cart-recovery allows Authentication Abuse.This issue affects Abandoned Cart Recovery for WooCommerce: from n/a through = 1.1.12...