| CVE-2025-49958 | WordPress Robokassa payment gateway for Woocommerce plugin <= 1.8.6 - Cross Site Scripting (XSS) vulnerability | robokassa | Robokassa payment gateway for Woocommerce | High | 7.1 | 2025-10-22 14:32:21 | Deep Dive |
| CVE-2025-49947 | WordPress WooCommerce Registration Fields Plugin - Custom Signup Fields plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability | extendons | WooCommerce Registration Fields Plugin - Custom Signup Fields | - | - | 2025-10-22 14:32:18 | Deep Dive |
| CVE-2025-49908 | WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability | WPClever | WPC Countdown Timer for WooCommerce | - | - | 2025-10-22 14:32:11 | Deep Dive |
| CVE-2025-49911 | WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - Cross Site Scripting (XSS) vulnerability | wpinstinct | WooCommerce Vehicle Parts Finder | - | - | 2025-10-22 14:32:11 | Deep Dive |
| CVE-2025-49380 | WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability | wpinstinct | WooCommerce Vehicle Parts Finder | Critical | 9.8 | 2025-10-22 14:32:10 | Deep Dive |
| CVE-2025-10570 | Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund | wpdesk | Flexible Refund and Return Order for WooCommerce | Medium | 4.3 | 2025-10-22 06:40:59 | Deep Dive |
| CVE-2025-11691 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated SQL Injection | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | High | 7.5 | 2025-10-18 06:42:49 | Deep Dive |
| CVE-2025-11391 | PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2025-10-18 06:42:48 | Deep Dive |
| CVE-2025-11741 | WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure | wpclever | WPC Smart Quick View for WooCommerce | Medium | 5.3 | 2025-10-18 06:42:45 | Deep Dive |
| CVE-2025-11742 | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | wpclever | WPC Smart Wishlist for WooCommerce | Medium | 4.3 | 2025-10-18 05:41:57 | Deep Dive |
| CVE-2025-11722 | Category and Products Accordion Panel <= 1.0 - Authenticated (Contributor+) Local File Inclusion | ikhodal | Woocommerce Category and Products Accordion Panel | High | 7.5 | 2025-10-15 08:25:56 | Deep Dive |
| CVE-2025-6439 | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Deletion | JMA Plugins | WooCommerce Designer Pro | Critical | 9.8 | 2025-10-11 09:28:38 | Deep Dive |
| CVE-2025-10167 | Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpcodefactory | Stock History & Reports Manager for WooCommerce | Medium | 6.4 | 2025-10-11 09:28:37 | Deep Dive |
| CVE-2025-11518 | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | wpclever | WPC Smart Wishlist for WooCommerce | Medium | 5.3 | 2025-10-11 08:29:17 | Deep Dive |
| CVE-2025-10862 | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers <= 2.1.3 - Unauthenticated SQL Injection via 'id' | roxnor | Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers | High | 7.5 | 2025-10-09 08:23:17 | Deep Dive |
| CVE-2025-10162 | OrderConvo < 14 - Unauthenticated Arbitrary File Read | Unknown | Admin and Customer Messages After Order for WooCommerce: OrderConvo | - | - | 2025-10-07 06:00:05 | Deep Dive |
| CVE-2025-9286 | Appy Pie Connect for WooCommerce <= 1.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via reset_user_password | hancock11 | Appy Pie Connect for WooCommerce | Critical | 9.8 | 2025-10-03 11:17:10 | Deep Dive |
| CVE-2025-10191 | Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | fusedsoftware | Big Post Shipping for WooCommerce | Medium | 6.4 | 2025-09-30 03:35:29 | Deep Dive |
| CVE-2025-60219 | WordPress WooCommerce Designer Pro Plugin <= 1.9.24 - Arbitrary File Upload Vulnerability | HaruTheme | WooCommerce Designer Pro | Critical | 10.0 | 2025-09-26 08:32:14 | Deep Dive |
| CVE-2025-60173 | WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability | Ashwani kumar | GST for WooCommerce | High | 7.1 | 2025-09-26 08:32:10 | Deep Dive |