Lucene search
+L

657 matches found

Nuclei
Nuclei
added 18 hours ago65 views

WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection

WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...

9.8CVSS8.8AI score0.07942EPSS
Exploits2References5
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-57810 WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...

8.5CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57709 WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...

8.6CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-57709

CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago2 views

CVE-2026-57709

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago5 views

PT-2026-57748

Name of the Vulnerable Software and Affected Versions Membership For WooCommerce versions prior to 3.1.1 Description A Path Traversal issue exists in the Membership For WooCommerce plugin. This flaw allows an attacker to access files and directories outside of the intended restricted directory by...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-12103

The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS0.00286EPSS
Exploits0References10
CVE
CVE
added 6 days ago12 views

CVE-2026-12103

CVE-2026-12103 affects the Wallet for WooCommerce WordPress plugin (

4.3CVSS6.2AI score0.00286EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/09 2:18 p.m.5 views

WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by sebbealb in WordPress Plugin Membership For WooCommerce versions = 3.1.0...

8.6CVSS6.1AI score0.00382EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 9:39 a.m.5 views

WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Free Gifts for WooCommerce versions = 13.1.0...

7.1CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/07/03 7:53 a.m.13 views

CVE-2026-11778

The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 4:30 a.m.35 views

CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS0.00473EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57753

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...

7.5CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:36 p.m.8 views

CVE-2026-57340

Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 1:36 p.m.18 views

CVE-2026-57340

CVE-2026-57340 describes an Unauthenticated Broken Access Control vulnerability in the WordPress plugin Japanized For WooCommerce versions up to 2.9.12 . The metric indicates a CVSS v3.1 base score of 6.5 (Medium) with attack vector Network , attack complexity Low , privileges required None , use...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2026-56027

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9CVSS0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.39 views

CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...

6.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.9 views

EUVD-2026-39690

Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...

9.9CVSS5.8AI score0.00328EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-56025 WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...

7.5CVSS0.00238EPSS
Exploits0References1
Rows per page
Query Builder