| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-13457 | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id | woocommerce | WooCommerce Square | High | 7.5 | 2026-01-10 03:21:01 | Deep Dive |
| CVE-2025-9463 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |
| CVE-2024-58103 | Square Wire security vulnerability | Square | Wire | Medium | 5.8 | 2025-03-16 00:00:00 | Deep Dive |
| CVE-2025-2189 | Information Disclosure Vulnerability in Tinxy Smart Devices | Mogify Infotech | Tinxy Wi-Fi Lock Controller v1 RF | Medium | - | 2025-03-11 11:40:20 | Deep Dive |
| CVE-2024-13713 | WPExperts Square For GiveWP <= 1.3.1 - Authenticated (Subscriber+) SQL Injection | saadiqbal | WPExperts Square For GiveWP | Medium | 6.5 | 2025-02-21 11:09:34 | Deep Dive |
| CVE-2024-11895 | Online Payments – Get Paid with PayPal, Square & Stripe <= 3.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Online Payments – Get Paid with PayPal, Square & Stripe | Medium | 6.4 | 2025-02-18 07:28:13 | Deep Dive |
| CVE-2025-22661 | WordPress Online Payments plugin <= 3.20.0 - Cross Site Scripting (XSS) vulnerability | vcita | Online Payments – Get Paid with PayPal, Square & Stripe | Medium | 6.5 | 2025-01-21 17:21:51 | Deep Dive |
| CVE-2022-47182 | WordPress APIExperts Square for WooCommerce plugin <= 4.4.1 - Broken Access Control | Saad Iqbal | APIExperts Square for WooCommerce | Medium | 5.3 | 2024-12-13 14:22:11 | Deep Dive |
| CVE-2023-30486 | WordPress Square theme <= 2.0.0 - Broken Access Control | hashthemes | Square | Medium | 4.3 | 2024-12-09 11:31:05 | Deep Dive |
| CVE-2023-49851 | WordPress Square Thumbnails plugin <= 1.1.1 - Broken Access Control + CSRF vulnerability | ilmdesigns | Square Thumbnails | Medium | 5.3 | 2024-12-09 11:30:03 | Deep Dive |
| CVE-2024-11362 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.1 | 2024-11-23 03:25:50 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47338 | WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability | Saad Iqbal | WPExperts Square For GiveWP | High | 8.5 | 2024-10-06 12:58:43 | Deep Dive |
| CVE-2024-5861 | WP Easy Pay (Free) <= 4.2.3 - Missing Authorization to Unauthenticated Service Disconnection | saadiqbal | WP Easy Pay – Payment and Donation form Builder for Square | Medium | 5.3 | 2024-07-24 03:17:16 | Deep Dive |
| CVE-2024-27959 | WordPress APIExperts Square for WooCommerce plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability | Wpexpertsio | WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management | High | 7.1 | 2024-03-17 16:27:35 | Deep Dive |
| CVE-2023-35876 | WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Square | High | 8.1 | 2023-12-20 14:42:18 | Deep Dive |
| CVE-2021-4411 | WP EasyPay – Square for WordPress <= 3.2.0 - Cross-Site Request Forgery Bypass | saadiqbal | WP Easy Pay – Payment and Donation form Builder for Square | Medium | 4.3 | 2023-07-12 03:40:43 | Deep Dive |
| CVE-2023-2407 | Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting | vcita | Event Registration Calendar By vcita | Medium | 6.1 | 2023-06-03 04:35:13 | Deep Dive |
| CVE-2023-2406 | Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | vcita | Event Registration Calendar By vcita | Medium | 6.4 | 2023-06-03 04:35:13 | Deep Dive |