WordPress plugin Product Options and Price Calculation Formulas for WooCommerce – Uni CPO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

EUVD-2022-51396

Malicious code in bioql PyPI...

EUVD-2022-43971

Malicious code in bioql PyPI...

EUVD-2024-49250

Malicious code in bioql PyPI...

EUVD-2024-16894

Malicious code in bioql PyPI...

CVE-2025-9463

CVE-2025-9463 concerns the PeachPay Payments plugin for WooCommerce (and related Payments Plugin for WooCommerce) with a time-based SQL Injection via the order_by parameter. Wordfence’s details specify that all versions up to 1.117.5 are affected due to insufficient escaping and query preparation...

CVE-2025-9463 Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter

The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 1.117.5 due to insufficient escaping on the user supplied parameter and...

PT-2025-37021

Name of the Vulnerable Software and Affected Versions: Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net versions prior to 1.117.6 Description: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for...

PT-2024-16936 · Paypal +3 · Paypal +4

Name of the Vulnerable Software and Affected Versions: The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress versions prior to 1.112.1 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg...

CVE-2024-31430

Cross-Site Request Forgery CSRF vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional, realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net.This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional:...

CVE-2024-1120

The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the downloadtoolssettings function in all versions up to, and including,...

CVE-2021-4337

Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to authorization bypass due to a missing capability check on the wpajaxsvxajaxfactory function in various versions listed below. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...