Lucene search
K

3481 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-12936 Recurio <= 1.1.3 - Authenticated (Shop Manager+) SQL Injection via 'data' Parameter

The Recurio – Ultimate Subscription for WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'data' parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

4.9CVSS0.00266EPSS
Exploits0References4
NVD
NVD
added 4 days ago8 views

CVE-2026-14500

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS0.00333EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42175

The Bulk Order Update for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 1.6. This is due to the bouwfetchcsvdata AJAX handler being registered on the wpajaxnopriv hook with no capability or nonce check, and passing the attacker-supplied...

5.3CVSS6.1AI score0.00333EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42009

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS6.3AI score0.00745EPSS
Exploits0References11
Patchstack
Patchstack
added 6 days ago6 views

WordPress AR for WooCommerce plugin <= 8.40 - Unauthenticated Path Traversal to Arbitrary File Read vulnerability

Unauthenticated Path Traversal to Arbitrary File Read vulnerability discovered by CHOIGYEONGMIN in WordPress Plugin AR For Woocommerce versions = 8.40...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/07/03 9:16 a.m.7 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS0.00255EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 7:53 a.m.36 views

CVE-2026-11778 CURCY <= 2.2.14 - Unauthenticated Arbitrary Shortcode Execution via 'exchange' Parameter

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS0.00255EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 7:53 a.m.7 views

EUVD-2026-41521

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-11778

The The CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.2.14. This is due to the software allowing users to execute an action that does not properly validate a value...

5.4CVSS6.3AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 4:30 a.m.7 views

EUVD-2026-41488

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 4:30 a.m.22 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 4:30 a.m.11 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/03 4:30 a.m.6 views

EUVD-2026-41485

The AR for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.40 via the 'file' parameter parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive...

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
CVE
CVE
added 2026/07/03 4:30 a.m.22 views

CVE-2026-14352

AR for WooCommerce

7.5CVSS5.9AI score0.00473EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57758

Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...

7.1CVSS5.8AI score0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:15 a.m.15 views

CVE-2026-57753

The CVE-2026-57753 entry concerns the WordPress Kit (formerly ConvertKit) for WooCommerce plugin, affected versions 2.1.5 and earlier. Description indicates an unauthenticated sensitive data exposure vulnerability in these versions. The provided documents do not specify the exact root cause, vuln...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.36 views

CVE-2026-57753 WordPress Kit (formerly ConvertKit) for WooCommerce plugin <= 2.1.5 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Kit formerly ConvertKit for WooCommerce = 2.1.5 versions...

5.3CVSS0.00206EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.24 views

CVE-2026-57677

The CVE concerns the WordPress Novalnet Payment Gateway for WooCommerce plugin, affected versions

9.8CVSS5.8AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...

9.8CVSS0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.30 views

CVE-2026-49779 WordPress Tax Exempt for WooCommerce plugin <= 1.9.3 - Path Traversal vulnerability

Customer Path Traversal in Tax Exempt for WooCommerce = 1.9.3 versions...

6.5CVSS0.00343EPSS
Exploits0References1
Rows per page
Query Builder