Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 2013 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-13666 Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification helloprintPlug your WooCommerce into the largest catalog of customized print products from Helloprint Medium 5.3 2025-12-06 05:49:27 Deep Dive
CVE-2025-13137 Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting delabonLive Sales Notification for Woocommerce – Woomotiv Medium 6.1 2025-12-06 05:49:22 Deep Dive
CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion wcvendorsWC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors Medium 4.3 2025-12-05 07:26:18 Deep Dive
CVE-2025-12191 PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting ovologicsPDF Catalog for WooCommerce Medium 5.4 2025-12-05 05:31:28 Deep Dive
CVE-2025-11727 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting codistoOmnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto High 7.2 2025-12-04 04:29:01 Deep Dive
CVE-2025-12358 ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation roxnorShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution Medium 4.3 2025-12-03 12:29:56 Deep Dive
CVE-2025-13109 HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.2 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_query/woof_remove_query' realmag777HUSKY – Products Filter Professional for WooCommerce Medium 4.3 2025-12-03 12:29:56 Deep Dive
CVE-2025-13387 Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting stellarwpKadence WooCommerce Email Designer High 7.2 2025-12-02 04:37:14 Deep Dive
CVE-2025-12584 Quick View for WooCommerce <= 2.2.17 - Unauthenticated Private Product Disclosure shapedpluginQuick View for WooCommerce Medium 5.3 2025-11-27 09:27:49 Deep Dive
CVE-2025-13157 QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update qodeinteractiveQODE Wishlist for WooCommerce Medium 5.3 2025-11-27 06:42:13 Deep Dive
CVE-2025-13441 Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing themesupportHide Category by User Role for WooCommerce Medium 5.3 2025-11-27 06:42:13 Deep Dive
CVE-2025-12123 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting trustindexCustomer Reviews Collector for WooCommerce Medium 6.1 2025-11-27 05:17:39 Deep Dive
CVE-2025-7820 SKT PayPal for WooCommerce <= 1.4 - Unauthenticated Payment Bypass sonalsinha21SKT PayPal for WooCommerce High 7.5 2025-11-27 04:36:44 Deep Dive
CVE-2025-12634 Refund Request for WooCommerce <= 1.0 - Missing Authorization to Authenticated (Subscriber+) Refund Status Update sunarcRefund Request for WooCommerce Medium 4.3 2025-11-25 07:28:27 Deep Dive
CVE-2025-13389 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure nmediaAdmin and Customer Messages After Order for WooCommerce: OrderConvo Medium 5.3 2025-11-25 07:28:22 Deep Dive
CVE-2025-12040 Wishlist for WooCommerce <= 1.1.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation themehunkWishlist for WooCommerce Medium 6.5 2025-11-25 07:28:21 Deep Dive
CVE-2025-13452 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages nmediaAdmin and Customer Messages After Order for WooCommerce: OrderConvo Medium 4.3 2025-11-25 07:28:20 Deep Dive
CVE-2025-10144 Perfect Brands for WooCommerce <= 3.6.2 - Authenticated (Contributor+) SQL Injection quadlayersPerfect Brands for WooCommerce Medium 6.5 2025-11-24 22:28:25 Deep Dive
CVE-2025-66114 WordPress Show Variations as Single Products Woocommerce plugin <= 2.0 - Broken Access Control vulnerability theme fundaShow Variations as Single Products Woocommerce Medium 5.3 2025-11-21 12:30:06 Deep Dive
CVE-2025-66109 WordPress Cart Weight for WooCommerce plugin <= 1.9.11 - Broken Access Control vulnerability Octolize Shipping PluginsCart Weight for WooCommerce Medium 5.3 2025-11-21 12:30:05 Deep Dive