Lucene search
K

157 matches found

NVD
NVD
added yesterday5 views

CVE-2026-61956

Cross-Site Request Forgery CSRF vulnerability in hamsalam ووسلام همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام همگام سازی ووکامرس و باسلام: from n/a through = 1.9.1...

7.1CVSS0.0016EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-9240

The Colissimo Officiel: Méthodes de livraison pour WooCommerce plugin for WordPress is affected by a missing authorization check in updateShippingMethod(), registered to the wp_ajax_lpc_order_affect AJAX action, for versions up to 2.9.0. The handler does not perform current_user_can() checks or n...

4.3CVSS6AI score0.00196EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42541

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS5.9AI score0.00246EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-11359 Memberships and User Profiles for WooCommerce <= 3.4 - Missing Authorization to Authenticated (Subscriber+) ProfileGrid Plugin Installation and Activation

The Memberships and User Profiles for WooCommerce – ProfileGrid WooCommerce Integration plugin for WordPress is vulnerable to unauthorized plugin installation and activation in versions up to, and including, 3.4. This is due to a missing capability check and missing nonce validation on the...

4.3CVSS0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-13450

The GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.9.4 via the 'access' parameter due to missing validation on a user controlled key. This...

5.3CVSS5.9AI score0.00408EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/07/01 7:53 a.m.39 views

CVE-2026-11387 SMS Alert <= 3.9.5 - Unauthenticated Privilege Escalation via Arbitrary Password Reset

The SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.9.5. This is due to the plugin not properly validating a user's identity prior to updati...

9.8CVSS0.0038EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57632 WordPress Email Marketing for WooCommerce by Omnisend plugin <= 1.19.0 - Broken Access Control vulnerability

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend = 1.19.0 versions...

5.4CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-40741 WordPress Redsys for WooCommerce Light plugin <= 7.0.0 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Redsys for WooCommerce Light = 7.0.0 versions...

7.5CVSS0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.17 views

PT-2026-47026

Name of the Vulnerable Software and Affected Versions Hippoo Mobile App for WooCommerce versions prior to 1.9.5 Description An authentication bypass exists that allows for administrator account takeover. The issue stems from a logic conflation in the get user permissions function within...

9.8CVSS5.4AI score0.02841EPSS
Exploits1References16
NVD
NVD
added 2026/05/13 5:16 a.m.10 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS0.00227EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 3:26 a.m.7 views

CVE-2025-14755 Cost Calculator Builder <= 4.0.1 - Unauthenticated Price Manipulation and Insecure Direct Object Reference

The Cost Calculator Builder plugin for WordPress is vulnerable to Unauthenticated Price Manipulation and Insecure Direct Object Reference IDOR in all versions up to, and including, 4.0.1 only when used in combination with Cost Calculator Builder PRO. This is due to the ccbwoocommercepayment AJAX...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 3:26 a.m.14 views

CVE-2025-14755

The Cost Calculator Builder plugin for WordPress (

5.3CVSS5.8AI score0.00227EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/04/23 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-67945

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through = 3.1.2...

9.3CVSS5.5AI score0.0038EPSS
In wildExploits0References3
GithubExploit
GithubExploit
added 2026/04/18 9:25 a.m.133 views

Exploit for CVE-2026-1937

CVE-2026-1937 YayMail = 4.3.2 - Missing Authorization to A...

7.2CVSS6.1AI score0.00411EPSS
Exploits2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.25 views

CVE-2026-39662 WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in ProWCPlugins Product Price by Formula for WooCommerce product-price-by-formula-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Price by Formula for WooCommerce: from n/a through = 2.5.6...

5.3CVSS0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39592 WordPress DEPART plugin <= 1.0.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/a through = 1.0.7...

5.8AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.3 views

CVE-2026-23977

Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through = 2.1.2...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/17 1:24 a.m.36 views

CVE-2026-2579 WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter

The WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the ‘search’ parameter in all versions up to, and including, 4.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

7.5CVSS0.00304EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.4 views

CVE-2026-32412

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

5.8AI score0.00168EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.6 views

CVE-2025-68834

Missing Authorization vulnerability in Saiful Islam Sync Master Sheet - Product Sync with Google Sheet for WooCommerce product-sync-master-sheet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sync Master Sheet - Product Sync with Google Sheet for...

7.5CVSS5.5AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder