| CVE-2025-15033 | WooCommerce - Subscriber/Customer+ Order Data Disclosure | Automattic | WooCommerce | - | - | 2025-12-22 18:57:40 | Deep Dive |
| CVE-2025-12398 | Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting | codersaiful | Product Table for WooCommerce | Medium | 6.1 | 2025-12-21 03:20:05 | Deep Dive |
| CVE-2025-13838 | WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute | htplugins | WishSuite – Wishlist for WooCommerce | Medium | 6.4 | 2025-12-21 02:20:32 | Deep Dive |
| CVE-2025-14054 | WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute | hasthemes | WC Builder – WooCommerce Page Builder for WPBakery | Medium | 4.4 | 2025-12-21 02:20:32 | Deep Dive |
| CVE-2025-14298 | FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode | damian-gora | FiboSearch – Ajax Search for WooCommerce | Medium | 5.4 | 2025-12-20 08:22:11 | Deep Dive |
| CVE-2025-13329 | File Uploader for WooCommerce <= 1.0.3 - Unauthenticated Arbitrary File Upload via add-image-data | snowray | File Uploader for WooCommerce | Critical | 9.8 | 2025-12-20 03:20:24 | Deep Dive |
| CVE-2025-13110 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 4.3 | 2025-12-18 12:22:28 | Deep Dive |
| CVE-2025-64222 | WordPress WooCommerce Recover Abandoned Cart plugin <= 24.6.0 - Arbitrary Content Deletion vulnerability | FantasticPlugins | WooCommerce Recover Abandoned Cart | High | 7.5 | 2025-12-18 07:22:13 | Deep Dive |
| CVE-2025-60083 | WordPress PDF Invoice Builder for WooCommerce plugin <= 6.5.0 - Deserialization of untrusted data vulnerability | add-ons.org | PDF Invoice Builder for WooCommerce | - | - | 2025-12-18 07:22:08 | Deep Dive |
| CVE-2025-58951 | WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.1 - SQL Injection vulnerability | smartcms | Advance Seat Reservation Management for WooCommerce | Critical | 9.3 | 2025-12-18 07:22:00 | Deep Dive |
| CVE-2025-49379 | WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability | silverplugins217 | Custom Fields Account Registration For Woocommerce | - | - | 2025-12-18 07:21:44 | Deep Dive |
| CVE-2025-67929 | WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Broken Access Control vulnerability | templateinvaders | TI WooCommerce Wishlist | Medium | 5.3 | 2025-12-16 08:12:57 | Deep Dive |
| CVE-2025-66128 | WordPress Sendinblue for WooCommerce plugin <= 4.0.49 - Broken Access Control vulnerability | Brevo | Sendinblue for WooCommerce | Medium | 5.3 | 2025-12-16 08:12:54 | Deep Dive |
| CVE-2025-64638 | WordPress OnPay.io for WooCommerce plugin <= 1.0.47 - Broken Access Control vulnerability | OnPay.io | OnPay.io for WooCommerce | Medium | 5.3 | 2025-12-16 08:12:52 | Deep Dive |
| CVE-2025-54004 | WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.24 - Broken Access Control vulnerability | WC Lovers | WCFM – Frontend Manager for WooCommerce | Low | 2.7 | 2025-12-16 08:12:46 | Deep Dive |
| CVE-2025-9207 | TI WooCommerce Wishlist <= 2.10.0 - Unauthenticated HTML Injection | templateinvaders | TI WooCommerce Wishlist | Medium | 5.3 | 2025-12-13 07:21:04 | Deep Dive |
| CVE-2025-8617 | YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode | yithemes | YITH WooCommerce Quick View | Medium | 6.4 | 2025-12-13 04:31:29 | Deep Dive |
| CVE-2025-13077 | افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce <= 1.3.5 - Unauthenticated Time-Based Blind SQL Injection | payamito | افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce | High | 7.5 | 2025-12-13 04:31:27 | Deep Dive |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-12-12 09:20:29 | Deep Dive |
| CVE-2025-14169 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | High | 7.5 | 2025-12-12 07:20:36 | Deep Dive |