Filtered by vendor Woocommerce
Subscriptions
Filtered by product Woocommerce
Subscriptions
Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12392 | 3 Tripleatechnology, Woocommerce, Wordpress | 3 Cryptocurrency Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2025-11-19 | 5.3 Medium |
| The Cryptocurrency Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'handle_optin_optout' function in all versions up to, and including, 2.0.22. This makes it possible for unauthenticated attackers to opt in and out of tracking. | ||||
| CVE-2025-12955 | 3 Rajeshsingh520, Woocommerce, Wordpress | 3 Live Sales Notification For Woocommerce, Woocommerce, Wordpress | 2025-11-19 | 7.5 High |
| The Live sales notification for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.3.39. This is due to the "getOrders" function lacking proper authorization and capability checks when the plugin is configured to display recent order information. This makes it possible for unauthenticated attackers to extract sensitive customer information including buyer first names, city, state, country, purchase time and date, and product details. | ||||
| CVE-2025-13088 | 3 Ikhodal, Woocommerce, Wordpress | 3 Category And Product Woocommerce Tabs, Woocommerce, Wordpress | 2025-11-19 | 8.8 High |
| The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab() function. This makes it possible for authenticated attackers, with contributor level access and above, to include and execute arbitrary .php files on the server. | ||||
| CVE-2025-12639 | 3 Sundayfanz, Woocommerce, Wordpress | 3 Wmodes, Woocommerce, Wordpress | 2025-11-19 | 4.3 Medium |
| The wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.2.2. This is due to the plugin not properly verifying that a user is authorized to access sensitive information via the AJAX endpoint. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive information including user emails, usernames, roles, capabilities, and WooCommerce data such as products and payment methods. | ||||
| CVE-2025-60204 | 3 Josh Kohlbach, Woocommerce, Wordpress | 3 Woocommerce Store Toolkit, Woocommerce, Wordpress | 2025-11-18 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through <= 2.4.3. | ||||
| CVE-2025-60243 | 3 Holest Engineering, Woocommerce, Wordpress | 3 Selling Commander For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46. | ||||
| CVE-2025-60235 | 3 Plugify, Woocommerce, Wordpress | 3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0. | ||||
| CVE-2025-60207 | 3 Addify, Woocommerce, Wordpress | 3 Custom User Registration Fields For Woocommerce, Woocommerce, Wordpress | 2025-11-17 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2. | ||||
| CVE-2025-60189 | 3 Polopag, Woocommerce, Wordpress | 3 Polopag, Woocommerce, Wordpress | 2025-11-17 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9. | ||||
| CVE-2025-64267 | 3 Woocommerce, Wordpress, Wpswings | 3 Woocommerce, Wordpress, Ultimate Points And Rewards | 2025-11-14 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPSwings WooCommerce Ultimate Points And Rewards woocommerce-ultimate-points-and-rewards allows Retrieve Embedded Sensitive Data.This issue affects WooCommerce Ultimate Points And Rewards: from n/a through <= 2.10.2. | ||||
| CVE-2025-11821 | 3 Elvismdev, Woocommerce, Wordpress | 3 Products By Custom Tax, Woocommerce, Wordpress | 2025-11-14 | 6.4 Medium |
| The Woocommerce – Products By Custom Tax plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'woo_products_custom_tax' shortcode in all versions up to, and including, 2.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-49947 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-11-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-64358 | 3 Webtoffee, Woocommerce, Wordpress | 3 Smart Coupons For Woocommerce, Woocommerce, Wordpress | 2025-11-13 | 4.3 Medium |
| Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3. | ||||
| CVE-2025-64290 | 3 Premmerce, Woocommerce, Wordpress | 4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more | 2025-11-13 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Cross Site Request Forgery.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4. | ||||
| CVE-2025-64289 | 3 Premmerce, Woocommerce, Wordpress | 4 Premmerce, Product Search For Woocommerce, Woocommerce and 1 more | 2025-11-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce Product Search for WooCommerce premmerce-search allows Stored XSS.This issue affects Premmerce Product Search for WooCommerce: from n/a through <= 2.2.4. | ||||
| CVE-2025-64285 | 3 Premmerce, Woocommerce, Wordpress | 4 Premmerce, Wholesale Pricing For Woocommerce, Woocommerce and 1 more | 2025-11-13 | 5.4 Medium |
| Missing Authorization vulnerability in Premmerce Premmerce Wholesale Pricing for WooCommerce premmerce-woocommerce-wholesale-pricing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Wholesale Pricing for WooCommerce: from n/a through <= 1.1.10. | ||||
| CVE-2025-64200 | 3 Villatheme, Woocommerce, Wordpress | 3 Woocommerce Email Template Customizer, Woocommerce, Wordpress | 2025-11-13 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17. | ||||
| CVE-2025-62957 | 3 Nikanwp, Woocommerce, Wordpress | 3 Woocommerce Reporting, Woocommerce, Wordpress | 2025-11-13 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0. | ||||
| CVE-2025-62935 | 3 Ilmosys, Woocommerce, Wordpress | 3 Open Close Woocommerce Store, Woocommerce, Wordpress | 2025-11-13 | 8.1 High |
| Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8. | ||||
| CVE-2025-62015 | 3 Josh Kohlbach, Woocommerce, Wordpress | 4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more | 2025-11-13 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8. | ||||