CVE-2026-49061 WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce = 3.2.1 versions...

CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

CVE-2026-48883 WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

EUVD-2026-36858

Unauthenticated Broken Access Control in WPC Product Bundles for WooCommerce = 8.5.3 versions...

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Arbitrary File Download vulnerability discovered by Mitchell in WordPress Plugin WPC Product Options for WooCommerce versions = 3.2.1...

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-6725

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

WordPress WPC Product Bundles for WooCommerce plugin <= 8.5.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jakub Herman in WordPress Plugin WPC Product Bundles for WooCommerce versions = 8.5.3...

CVE-2025-14767

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2025-14767 WPC Badge Management for WooCommerce <= 3.1.6 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'text' Attribute

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

EUVD-2025-209823

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbmbestseller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

PT-2026-40581

The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcbm best seller shortcode in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2026-6725

CVE-2026-6725 affects the WordPress plugin WPC Smart Messages for WooCommerce (WordPress plugin). The vulnerability is a Stored Cross-Site Scripting (XSS) via the wpcsm_text_rotator shortcode attribute text in all versions up to and including 4.2.8 , caused by insufficient input sanitization and ...

CVE-2026-6725 WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute

The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...

WordPress plugin WPC Smart Messages for WooCommerce 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2026-32407

Technical details (affected product, vulnerable component, impact, or remediation) are not publicly provided in the supplied documents; monitor for updates.

CVE-2026-32406 WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...

CVE-2026-32406

CVE-2026-32406 describes a Missing Authorization vulnerability in the WordPress plugin WPC Product Bundles for WooCommerce (WooCommerce extension by WPClever), affecting versions &lt;= 8.4.5. Root cause: Broken/Missing Access Control due to incorrectly configured access control security levels. T...

CVE-2026-32407

Missing Authorization vulnerability in WPClever WPC Smart Wishlist for WooCommerce woo-smart-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Smart Wishlist for WooCommerce: from n/a through = 5.0.8...

PT-2026-25252

Missing Authorization vulnerability in WPClever WPC Product Bundles for WooCommerce woo-product-bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPC Product Bundles for WooCommerce: from n/a through = 8.4.5...