657 matches found
WordPress Pricing Deals for WooCommerce <=2.0.2.02 - SQL Injection
WordPress Pricing Deals for WooCommerce plugin through 2.0.2.02 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or...
CVE-2026-57810 WordPress APIExperts Square for WooCommerce plugin <= 4.7.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal APIExperts Square for WooCommerce woosquare allows Blind SQL Injection.This issue affects APIExperts Square for WooCommerce: from n/a through = 4.7.4...
CVE-2026-57709 WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...
CVE-2026-57709
CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...
CVE-2026-57709
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in WP Swings Membership For WooCommerce membership-for-woocommerce allows Path Traversal.This issue affects Membership For WooCommerce: from n/a through = 3.1.0...
PT-2026-57748
Name of the Vulnerable Software and Affected Versions Membership For WooCommerce versions prior to 3.1.1 Description A Path Traversal issue exists in the Membership For WooCommerce plugin. This flaw allows an attacker to access files and directories outside of the intended restricted directory by...
CVE-2026-12103
The Wallet for WooCommerce plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.6.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...
CVE-2026-12103
CVE-2026-12103 affects the Wallet for WooCommerce WordPress plugin (
WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by sebbealb in WordPress Plugin Membership For WooCommerce versions = 3.1.0...
WordPress Free Gifts for WooCommerce plugin <= 13.1.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Free Gifts for WooCommerce versions = 13.1.0...
CVE-2026-11778
The CVE-2026-11778 entry concerns the CURCY – Multi Currency for WooCommerce plugin for WordPress (Smoothly on WooCommerce) up to version 2.2.14. The root cause is that the plugin executes actions without proper validation of a value before running do_shortcode, enabling unauthenticated attackers...
CVE-2026-14352 AR for WooCommerce <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read via 'file' Parameter
The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...
CVE-2026-57753
Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...
CVE-2026-39448 WordPress NOWPayments for WooCommerce plugin <= 1.4.0 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in NOWPayments for WooCommerce = 1.4.0 versions...
CVE-2026-57340
Unauthenticated Broken Access Control in Japanized For WooCommerce = 2.9.12 versions...
CVE-2026-57340
CVE-2026-57340 describes an Unauthenticated Broken Access Control vulnerability in the WordPress plugin Japanized For WooCommerce versions up to 2.9.12 . The metric indicates a CVSS v3.1 base score of 6.5 (Medium) with attack vector Network , attack complexity Low , privileges required None , use...
CVE-2026-56027
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56048 WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References IDOR in Payment Gateway Based Fees and Discounts for WooCommerce = 3.0.0 versions...
EUVD-2026-39690
Customer Arbitrary File Upload in Booster for WooCommerce = 8.0.1 versions...
CVE-2026-56025 WordPress Paymob for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...