| CVE-2026-40070 | bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths) | sgbett | bsv-ruby-sdk | High | 8.1 | 2026-04-09 17:26:51 | Deep Dive |
| CVE-2025-14450 | Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation | wpswings | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | Medium | 6.5 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2025-68029 | WordPress Wallet System for WooCommerce plugin <= 2.7.3 - Sensitive Data Exposure vulnerability | WP Swings | Wallet System for WooCommerce | 中危 | - | 2026-01-05 10:37:19 | Deep Dive |
| CVE-2025-6222 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload | WP Swings | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet | Critical | 9.8 | 2025-07-18 05:23:57 | Deep Dive |
| CVE-2025-54041 | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability | WP Swings | Wallet System for WooCommerce | Medium | 4.3 | 2025-07-16 10:36:50 | Deep Dive |
| CVE-2025-5937 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet <= 3.2.0 - Cross-Site Request Forgery to Settings Reset | videowhisper | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet | Medium | 4.3 | 2025-06-28 07:25:06 | Deep Dive |
| CVE-2025-5719 | Vivo wallet 安全漏洞 | vivo | Wallet | - | - | 2025-06-06 03:40:33 | Deep Dive |
| CVE-2025-32530 | WordPress Wallet System for WooCommerce plugin <= 2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | WP Swings | Wallet System for WooCommerce | High | 7.1 | 2025-04-17 15:47:39 | Deep Dive |
| CVE-2024-13724 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization | wpswings | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | Medium | 4.3 | 2025-03-04 08:23:42 | Deep Dive |
| CVE-2024-13682 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery | wpswings | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | Medium | 4.3 | 2025-03-04 08:23:41 | Deep Dive |
| CVE-2024-13641 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.9 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.4 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2025-23527 | WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability | hemnathmouli | WC Wallet | Medium | 6.5 | 2025-02-03 14:22:42 | Deep Dive |
| CVE-2024-13391 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | videowhisper | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet | Medium | 6.4 | 2025-01-18 07:05:06 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-7747 | Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types | subratamal | Wallet for WooCommerce | Medium | 6.5 | 2024-11-28 12:54:10 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-38699 | WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability | WP Swings | Wallet System for WooCommerce | High | 7.5 | 2024-08-13 10:13:06 | Deep Dive |
| CVE-2024-6353 | Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' | subratamal | Wallet for WooCommerce | High | 8.8 | 2024-07-12 08:32:13 | Deep Dive |
| CVE-2024-32446 | WordPress Wallet System for WooCommerce plugin <= 2.5.9 - Cross Site Request Forgery (CSRF) vulnerability | WP Swings | Wallet System for WooCommerce | Medium | 5.4 | 2024-04-15 07:57:52 | Deep Dive |