14 matches found
EUVD-2023-44032
Malicious code in bioql PyPI...
EUVD-2022-34810
Malicious code in bioql PyPI...
PT-2025-29999 · WordPress · Woocommerce Refund/Exchange With Rma - Warranty Management
Name of the Vulnerable Software and Affected Versions: WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet versions up to and including 3.2.6. Description: The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User...
CVE-2025-49319 WordPress Wishlist for WooCommerce <= 3.2.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wishlist for WooCommerce: from n/a through <= 3.2.3...
CVE-2025-47641
Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9...
CVE-2025-31056
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce WhatsCart-for-WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp...
CVE-2024-43310
Missing Authorization vulnerability in UkrSolution Print Barcode Labels for your WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Print Barcode Labels for your WooCommerce products/orders: from n/a through 3.4.9...
CVE-2025-48239
CVE-2025-48239 is a Stored XSS vulnerability in the WordPress plugin Product Notes Tab & Private Admin Notes for WooCommerce (affected: versions up to 3.1.0). The issue stems from improper neutralization of input during web page generation, enabling stored cross-site scripting. Public sources in ...
CVE-2025-47643
CVE-2025-47643 concerns ELEX Product Feed for WooCommerce (WordPress plugin). Affected versions are 3.1.2 and earlier, with the root cause described as improper neutralization of special elements in SQL commands, i.e., SQL Injection. The CVE is associated with multiple sources (NVD/Red Hat/CVE li...
CVE-2025-39520 WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Stored XSS. This issue affects Checkout Files Upload for WooCommerce: from n/a through <= 2.2.0...
CVE-2025-32209
CVE-2025-32209: Authenticated arbitrary file download in Total processing card payments for WooCommerce (Totalprocessing). The Wordfence vulnerability detail confirms impact and that a patch is available; upgrade to the patched release to mitigate.
CVE-2025-22639 WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Distance Rate Shipping for WooCommerce allows Blind SQL Injection. This issue affects Distance Rate Shipping for WooCommerce: from n/a through 1.3.4...
CVE-2022-46807 WordPress Stock Sync for WooCommerce plugin <= 2.3.2 - Broken Access Control
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2...
CVE-2023-2781 User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...