CVE-2025-49417 WordPress WooCommerce Product Multi-Action plugin <= 1.3 - Deserialization of untrusted data Vulnerability

Deserialization of Untrusted Data vulnerability in BestWpDeveloper WooCommerce Product Multi-Action Woo-product-multiaction allows Object Injection.This issue affects WooCommerce Product Multi-Action: from n/a through = 1.3...

CVE-2025-39602

CVE-2025-39602 is a Missing Authorization vulnerability in the WordPress plugin WooCommerce Product Table Lite (versions up to and including 3.9.5). Multiple sources (NVD, patch provider) confirm the issue, with a CVSS v3.1 base score of 4.3 (Medium) and an impact profile of no confidentiality/av...

WordPress Booster Elite for WooCommerce Plugin < 7.1.2 is vulnerable to Sensitive Data Exposure

Software Booster Elite for WooCommerce Type Plugin Vulnerable versions 7.1.2 Fixed in 7.1.2 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-52234 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1cbd56a2d0a1 Credits Dave Jong...

CVE-2023-32795 WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3...

Finale WooCommerce Sale Countdown <= 2.9.0 - Arbitrary File Upload

The Finale Lite – Sales Countdown Timer & Discount for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...