| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula | acowebs | Woocommerce Custom Product Addons Pro | Critical | 9.8 | 2026-03-23 23:25:49 | Deep Dive |
| CVE-2025-14037 | Invelity Products Feeds <= 1.2.6 - Cross-Site Request Forgery to Arbitrary File Deletion | invelity | Invelity Product Feeds | High | 8.1 | 2026-03-21 03:26:56 | Deep Dive |
| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter | wpxpo | WowStore – Store Builder & Product Blocks for WooCommerce | High | 7.5 | 2026-03-17 01:24:29 | Deep Dive |
| CVE-2026-32457 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | Medium | - | 2026-03-13 11:42:23 | Deep Dive |
| CVE-2026-32443 | WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery (CSRF) vulnerability | Josh Kohlbach | Product Feed PRO for WooCommerce | Medium | - | 2026-03-13 11:42:20 | Deep Dive |
| CVE-2026-32406 | WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability | WPClever | WPC Product Bundles for WooCommerce | Medium | - | 2026-03-13 11:42:13 | Deep Dive |
| CVE-2026-4013 | SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization | SourceCodester | Web-based Pharmacy Product Management System | Medium | 6.3 | 2026-03-12 08:02:08 | Deep Dive |
| CVE-2026-3766 | SourceCodester Web-based Pharmacy Product Management System edit-profile.php cross site scripting | SourceCodester | Web-based Pharmacy Product Management System | Low | 3.5 | 2026-03-08 20:02:11 | Deep Dive |
| CVE-2026-27354 | WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability | WebCodingPlace | WooCommerce Coming Soon Product with Countdown | Medium | - | 2026-03-05 05:53:54 | Deep Dive |
| CVE-2026-3401 | SourceCodester Web-based Pharmacy Product Management System session expiration | SourceCodester | Web-based Pharmacy Product Management System | Low | 3.1 | 2026-03-02 00:02:10 | Deep Dive |
| CVE-2025-14343 | Reflected XSS in Dokuzsoft Technology's E-Commerce Product | Dokuzsoft Technology Ltd. | E-Commerce Product | High | 7.6 | 2026-02-26 12:06:21 | Deep Dive |
| CVE-2026-1929 | Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter | mihail-barinov | Advanced Woo Labels – Product Labels & Badges for WooCommerce | High | 8.8 | 2026-02-25 08:25:32 | Deep Dive |
| CVE-2025-69381 | WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability | vanquish | WooCommerce Bulk Product Editor | - | - | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2025-69378 | WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability | XforWooCommerce | Product Filter for WooCommerce | High | 7.2 | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2025-68552 | WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability | WebCodingPlace | WooCommerce Coming Soon Product with Countdown | High | 7.5 | 2026-02-20 15:46:41 | Deep Dive |
| CVE-2025-68834 | WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability | Saiful Islam | Sync Master Sheet – Product Sync with Google Sheet for WooCommerce | High | 7.5 | 2026-02-20 15:46:41 | Deep Dive |
| CVE-2026-2232 | Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter | wcproducttable | Product Table and List Builder for WooCommerce Lite | High | 7.5 | 2026-02-19 16:24:56 | Deep Dive |
| CVE-2026-25318 | WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability | Wisernotify team | WiserReview Product Reviews for WooCommerce | - | - | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2025-12975 | CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation | wahid0003 | Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels | High | 7.2 | 2026-02-19 04:36:11 | Deep Dive |
| CVE-2026-1426 | Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility | berocket | Advanced AJAX Product Filters | High | 8.8 | 2026-02-18 14:24:59 | Deep Dive |