EUVD-2026-11930

Server-Side Request Forgery SSRF vulnerability in Gift Up! Gift Up Gift Cards for WordPress and WooCommerce gift-up allows Server Side Request Forgery.This issue affects Gift Up Gift Cards for WordPress and WooCommerce: from n/a through = 3.1.7...

CVE-2026-1455

The Whatsiplus Scheduled Notification for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'wsnfwsaveuserssettings' AJAX action. This makes it possible for unauthenticated...

WordPress WooCommerce Social Login plugin <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password vulnerability

Unauthenticated Privilege Escalation via One-Time Password vulnerability discovered by Vu Nguyen maxntv in WordPress Plugin WooCommerce Social Login versions = 2.7.3...

CVE-2023-49185

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7...

CVE-2025-62088

Server-Side Request Forgery SSRF vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site wpscraper allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through = 1.0.7...

WordPress plugin WordPress & WooCommerce Scraper Plugin, Import Data from Any Site 代码问题漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...

CVE-2025-11691

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the PPOMMeta::getfieldsbyid function in all versions up to, and including, 33.0.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVE-2025-10162

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack...

EUVD-2022-15545

Malicious code in bioql PyPI...

EUVD-2025-25167

Malicious code in bioql PyPI...

CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

CVE-2025-7654

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

CVE-2025-7654 Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library

Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wfgetcookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including authentication cookies of other site users, which may make...

CVE-2025-28955

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce fwdevp allows Path Traversal.This issue affects Easy Video Player Wordpress & WooCommerce: from n/a through = 10.0...

CVE-2025-49417 WordPress WooCommerce Product Multi-Action plugin <= 1.3 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This issue affects WooCommerce Product Multi-Action: from n/a through = 1.3...

CVE-2025-30972 WordPress Woocommerce Line Notify plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce Line Notify: from n/a through = 1.1.7...

CVE-2025-48118 WordPress Woocommerce Partial Shipment <= 3.2 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2...

CVE-2025-24762 WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability

Missing Authorization vulnerability in facturaone TicketBAI Facturas para WooCommerce wp-ticketbai allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TicketBAI Facturas para WooCommerce: from n/a through = 3.45...

CVE-2025-48331 WordPress WooCommerce Orders & Customers Exporter <= 5.0 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Orders & Customers Exporter: from n/a through 5.0...

WordPress WooCommerce plugin <=9.3.2,9.4-9.4.2 - PostMessage-Based Cross-Site Scripting

PostMessage-Based Cross-Site Scripting vulnerability discovered by Antonio Rocco Spataro in WordPress Plugin WooCommerce versions = 9.3.2...