| CVE-2026-4949 | ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 4.3 | 2026-04-15 22:26:06 | Deep Dive |
| CVE-2026-3309 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Unauthenticated Arbitrary Shortcode Execution via Checkout Billing Fields | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2026-04-04 11:16:15 | Deep Dive |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 7.1 | 2026-04-04 08:25:20 | Deep Dive |
| CVE-2026-1986 | FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter | bakkbone | FloristPress for Woo – Customize your eCommerce store for your Florist | Medium | 6.1 | 2026-03-26 02:25:21 | Deep Dive |
| CVE-2019-25577 | SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme | Seotoaster | SeoToaster Ecommerce | Medium | 5.5 | 2026-03-21 15:30:36 | Deep Dive |
| CVE-2026-2631 | Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation | Unknown | Datalogics Ecommerce Delivery | - | - | 2026-03-11 06:00:11 | Deep Dive |
| CVE-2026-3453 | ProfilePress <= 4.16.11 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Subscription Cancellation/Expiration | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | High | 8.1 | 2026-03-11 02:22:46 | Deep Dive |
| CVE-2026-1128 | WP eCommerce <= 3.15.1 - Coupon Deletion via CSRF | Unknown | WP eCommerce | Medium | - | 2026-03-06 06:00:03 | Deep Dive |
| CVE-2026-22471 | WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability | maximsecudeal | Secudeal Payments for Ecommerce | High | 8.8 | 2026-03-05 05:53:46 | Deep Dive |
| CVE-2025-14339 | weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion | wedevs | weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | Medium | 6.5 | 2026-02-21 09:28:00 | Deep Dive |
| CVE-2026-1750 | Ecwid by Lightspeed Ecommerce Shopping Cart <= 7.0.7 - Authenticated (Subscriber+) Privilege Escalation via ec_store_admin_access | ecwid | Ecwid by Lightspeed Ecommerce Shopping Cart | High | 8.8 | 2026-02-15 03:24:34 | Deep Dive |
| CVE-2026-1235 | WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection | Unknown | WP eCommerce | - | - | 2026-02-11 06:00:08 | Deep Dive |
| CVE-2020-37003 | Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting | Sellacious | Sellacious eCommerce | Medium | 6.4 | 2026-01-30 16:16:38 | Deep Dive |
| CVE-2021-47897 | PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting | PEEL eCommerce | PEEL Shopping | High | 7.2 | 2026-01-23 16:47:41 | Deep Dive |
| CVE-2021-47892 | PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting | PEEL eCommerce | PEEL Shopping | High | 7.2 | 2026-01-23 16:47:37 | Deep Dive |
| CVE-2026-24613 | WordPress Ecwid Shopping Cart plugin <= 7.0.6 - Broken Access Control vulnerability | Ecwid by Lightspeed Ecommerce Shopping Cart | Ecwid Shopping Cart | Medium | 5.3 | 2026-01-23 14:29:05 | Deep Dive |
| CVE-2026-24589 | WordPress Cargus plugin <= 1.5.8 - Sensitive Data Exposure vulnerability | Cargus eCommerce | Cargus | Medium | - | 2026-01-23 14:29:01 | Deep Dive |
| CVE-2026-24580 | WordPress Ecwid Shopping Cart plugin <= 7.0.5 - Broken Access Control vulnerability | Ecwid by Lightspeed Ecommerce Shopping Cart | Ecwid Shopping Cart | Medium | 4.3 | 2026-01-23 14:28:59 | Deep Dive |
| CVE-2021-47763 | Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection | Aimeos | Aimeos Laravel ecommerce platform | High | 8.2 | 2026-01-15 15:52:08 | Deep Dive |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.3 | 2025-12-31 06:24:43 | Deep Dive |