| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.2 | 2025-03-26 11:55:53 | Deep Dive |
| CVE-2025-1912 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.6 | 2025-03-26 11:55:52 | Deep Dive |
| CVE-2025-1769 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | Medium | 4.9 | 2025-03-26 11:22:09 | Deep Dive |
| CVE-2024-12109 | Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | 中危 | - | 2025-03-25 06:00:11 | Deep Dive |
| CVE-2024-10638 | Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | 中危 | - | 2025-03-25 06:00:09 | Deep Dive |
| CVE-2025-0828 | Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x | Dassault Systèmes | ENOVIA Product Engineering Specialist | High | 8.7 | 2025-03-17 13:50:07 | Deep Dive |
| CVE-2024-13359 | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload | tychesoftwares | Product Input Fields for WooCommerce | High | 8.1 | 2025-03-08 09:22:54 | Deep Dive |
| CVE-2025-23416 | Keysight Ixia Vision Product Family Path Traversal | Keysight | Ixia Vision Product Family | Medium | 4.9 | 2025-03-05 15:21:16 | Deep Dive |
| CVE-2025-21095 | Keysight Ixia Vision Product Family Path Traversal | Keysight | Ixia Vision Product Family | Medium | 4.9 | 2025-03-05 15:19:17 | Deep Dive |
| CVE-2025-24521 | Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference | Keysight | Ixia Vision Product Family | Medium | 4.9 | 2025-03-05 15:17:24 | Deep Dive |
| CVE-2025-24494 | Keysight Ixia Vision Product Family Path Traversal | Keysight | Ixia Vision Product Family | High | 7.2 | 2025-03-05 15:15:20 | Deep Dive |
| CVE-2025-1405 | Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode | implecode | Product Catalog Simple | Medium | 6.4 | 2025-02-28 07:03:47 | Deep Dive |
| CVE-2025-1505 | Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting | berocket | Advanced AJAX Product Filters | Medium | 6.1 | 2025-02-28 04:21:57 | Deep Dive |
| CVE-2025-22632 | WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | totalsoft | WooCommerce Pricing – Product Pricing | High | 7.1 | 2025-02-23 22:55:06 | Deep Dive |
| CVE-2025-26568 | WordPress Easy Amazon Product Information plugin <= 4.0.1 - CSRF to Stored XSS vulnerability | jensmueller | Easy Amazon Product Information | High | 7.1 | 2025-02-13 13:53:02 | Deep Dive |
| CVE-2024-11746 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Brands for WooCommerce | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2025-22674 | WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | Get Bowtied | Product Blocks for WooCommerce | Medium | 6.5 | 2025-02-04 14:21:58 | Deep Dive |
| CVE-2024-13472 | WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | wcproducttable | Product Table and List Builder for WooCommerce Lite | High | 7.3 | 2025-01-31 09:21:23 | Deep Dive |
| CVE-2024-12600 | Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection | skyverge | Custom Product Tabs Lite for WooCommerce | High | 7.2 | 2025-01-25 06:40:39 | Deep Dive |
| CVE-2025-24681 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability | wpWax | Product Carousel Slider & Grid Ultimate for WooCommerce | Medium | 5.9 | 2025-01-24 17:24:54 | Deep Dive |