| CVE-2025-67631 | WordPress Gift Hunt plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability | Ecommerce Platforms | Gift Hunt | Medium | 5.9 | 2025-12-24 13:10:24 | Deep Dive |
| CVE-2025-13642 | ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 5.4 | 2025-12-09 15:23:48 | Deep Dive |
| CVE-2025-67599 | WordPress WebToffee eCommerce Marketing Automation plugin <= 2.1.1 - Broken Access Control vulnerability | WebToffee | WebToffee eCommerce Marketing Automation | - | - | 2025-12-09 14:14:19 | Deep Dive |
| CVE-2025-13495 | FluentCart A New Era of eCommerce <= 1.3.1 - Authenticated (Administrator+) SQL Injection via 'groupKey' Parameter | wpmanageninja | FluentCart A New Era of eCommerce – Faster, Lighter, and Simpler | Medium | 4.9 | 2025-12-03 03:27:14 | Deep Dive |
| CVE-2025-13793 | winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting | winston-dsouza | Ecommerce-Website | Medium | 4.3 | 2025-11-30 17:02:06 | Deep Dive |
| CVE-2024-14015 | Studiocart <= 2.9.0 - Reflected XSS | Unknown | WordPress eCommerce Plugin | - | - | 2025-11-24 06:00:03 | Deep Dive |
| CVE-2025-13239 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution submit_checkout behavioral workflow | Bdtask | Isshue Multi Store eCommerce Shopping Cart Solution | Medium | 4.3 | 2025-11-16 06:02:06 | Deep Dive |
| CVE-2025-13186 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting | Bdtask | Isshue Multi Store eCommerce Shopping Cart Solution | Low | 2.4 | 2025-11-14 21:32:06 | Deep Dive |
| CVE-2025-11457 | EasyCommerce – AI-Powered, Blazing-Fast & Beautiful WordPress Ecommerce Plugin 0.9.0-beta2 - 1.8.2 - Unauthenticated Privilege Escalation | easycommerce | EasyCommerce – AI-Powered WordPress Ecommerce Plugin to Sell Digital Products, Subscriptions & Physical Goods | Critical | 9.8 | 2025-11-11 03:30:43 | Deep Dive |
| CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.3 | 2025-11-06 04:36:22 | Deep Dive |
| CVE-2025-6988 | Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | hogash | KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme | Medium | 6.4 | 2025-11-01 07:30:05 | Deep Dive |
| CVE-2025-6990 | Kallyas <= 4.24.0 - Authenticated (Contributor+) Remote Code Execution | hogash | KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme | High | 8.8 | 2025-11-01 07:30:03 | Deep Dive |
| CVE-2025-12291 | ashymuzuro Full-Ecommece-Website/Muzuro Ecommerce System Add Product index.php unrestricted upload | ashymuzuro | Full-Ecommece-Website | Medium | 4.7 | 2025-10-27 15:32:06 | Deep Dive |
| CVE-2025-11897 | The7 — Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' | Dream-Theme | The7 — Website and eCommerce Builder for WordPress | Medium | 6.4 | 2025-10-25 12:26:29 | Deep Dive |
| CVE-2025-9216 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Upload | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | High | 8.8 | 2025-09-17 06:17:49 | Deep Dive |
| CVE-2025-9215 | StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download | kodezen | StoreEngine — Complete eCommerce Solution with Memberships, Licensing, Affiliates & More | Medium | 6.5 | 2025-09-17 06:17:48 | Deep Dive |
| CVE-2025-58786 | WordPress Ibtana – Ecommerce Product Addons plugin <= 0.4.7.6 - Cross Site Scripting (XSS) vulnerability | VW THEMES | Ibtana – Ecommerce Product Addons | Medium | 6.5 | 2025-09-05 13:44:56 | Deep Dive |
| CVE-2025-9237 | CodeAstro Ecommerce Website Edit Your Account my_account.php cross site scripting | CodeAstro | Ecommerce Website | Low | 3.5 | 2025-08-20 17:32:09 | Deep Dive |
| CVE-2025-8102 | Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.4 | 2025-08-20 11:26:10 | Deep Dive |
| CVE-2025-8878 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.4 - Unauthenticated Arbitrary Shortcode Execution | properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | Medium | 6.5 | 2025-08-16 11:11:24 | Deep Dive |