WordPress Checkout Field Editor (Checkout Manager) for WooCommerce plugin <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability

Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Checkout Field Editor Checkout Manager for WooCommerce versions = 2.1.7...

CVE-2025-10567

The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users...

CVE-2023-37969 WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1...

WordPress Checkout Mestres WP Plugin <= 8.6 is vulnerable to Local File Inclusion

Software Checkout Mestres WP Type Plugin Vulnerable versions = 8.6 Fixed in 8.6.1 OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2024-44030 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 15bf1846430c Credits tahu.datar Required privilege...

WordPress Checkout Mestres WP Plugin <= 7.1.9.7 is vulnerable to SQL Injection

Software Checkout Mestres WP Type Plugin Vulnerable versions = 7.1.9.7 Fixed in 7.1.9.8 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-51469 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 3f69879bcd0c Credits Rafie Muhammad Patchstack Required...

WordPress Checkout Field Editor Plugin < 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Checkout Field Editor Type Plugin Vulnerable versions 1.7.5 Fixed in 1.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c60f262bf8c6 Credits foobar7 Required privilege...

WordPress Checkout for PayPal plugin <= 1.0.13 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Lana Codes in WordPress Checkout for PayPal plugin versions = 1.0.13. Solution Update the WordPress Checkout for PayPal plugin to the latest available version at least 1.0.14...