| CVE-2026-39707 | WordPress Accept PayPal Payments using Contact Form 7 plugin <= 4.0.4 - Broken Access Control vulnerability | ZealousWeb | Accept PayPal Payments using Contact Form 7 | - | - | 2026-04-08 08:30:48 | Deep Dive |
| CVE-2026-39645 | WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability | Global Payments | GlobalPayments WooCommerce | - | - | 2026-04-08 08:30:33 | Deep Dive |
| CVE-2026-1710 | WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax | woocommerce | WooPayments: Integrated WooCommerce Payments | Medium | 6.5 | 2026-03-31 04:25:32 | Deep Dive |
| CVE-2026-22471 | WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability | maximsecudeal | Secudeal Payments for Ecommerce | High | 8.8 | 2026-03-05 05:53:46 | Deep Dive |
| CVE-2025-68501 | WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Mollie | Mollie Payments for WooCommerce | - | - | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2026-1295 | Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | supercleanse | Buy Now Plus — Payments with Stripe | Medium | 6.4 | 2026-01-28 06:43:43 | Deep Dive |
| CVE-2025-67942 | WordPress Peach Payments Gateway plugin <= 3.3.6 - Broken Access Control vulnerability | peachpayments | Peach Payments Gateway | Medium | 6.5 | 2026-01-22 16:51:54 | Deep Dive |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-14450 | Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation | wpswings | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | Medium | 6.5 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2025-13801 | Yoco Payments <= 3.9.0 - Unauthenticated Arbitrary File Read | yocoadmin | Yoco Payments | High | 7.5 | 2026-01-07 09:21:02 | Deep Dive |
| CVE-2025-49339 | WordPress Direct Payments WP plugin <= 1.3.3 - Broken Access Control vulnerability | Digages | Direct Payments WP | Medium | 4.3 | 2025-12-31 16:31:23 | Deep Dive |
| CVE-2025-49340 | WordPress Direct Payments WP plugin <= 1.3.3 - Sensitive Data Exposure vulnerability | Digages | Direct Payments WP | Medium | 4.3 | 2025-12-31 16:30:04 | Deep Dive |
| CVE-2025-14783 | Easy Digital Downloads <= 3.6.2 - Unvalidated Redirect in Password Reset Flow via edd_redirect | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.3 | 2025-12-31 06:24:43 | Deep Dive |
| CVE-2025-12834 | Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message | zealopensource | Accept Stripe Payments Using Contact Form 7 | Medium | 6.1 | 2025-12-12 03:20:59 | Deep Dive |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.3 | 2025-11-06 04:36:22 | Deep Dive |
| CVE-2025-11835 | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.16.4 - Missing Authorization to Unauthenticated Arbitrary Member Subscription Auto Renewal | cozmoslabs | Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction | Medium | 5.3 | 2025-11-05 03:27:58 | Deep Dive |
| CVE-2025-9322 | Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection | themeisle | Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions | High | 7.5 | 2025-10-25 06:49:23 | Deep Dive |
| CVE-2025-9216 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | High | 8.8 | 2025-09-17 06:17:49 | Deep Dive |
| CVE-2025-9215 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | Medium | 6.5 | 2025-09-17 06:17:48 | Deep Dive |
| CVE-2025-9463 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |