| CVE-2025-39520 | WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability | WP Wham | Checkout Files Upload for WooCommerce | Medium | 6.5 | 2025-04-16 12:45:50 | Deep Dive |
| CVE-2025-2266 | Checkout Mestres do WP for WooCommerce 8.6.5 - 8.7.5 - Unauthenticated Arbitrary Options Update | mestresdowp | Checkout Mestres do WP for WooCommerce | Critical | 9.8 | 2025-03-29 07:03:31 | Deep Dive |
| CVE-2025-27347 | WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | techmix | Direct Checkout Button for WooCommerce | Medium | 6.5 | 2025-02-24 14:49:21 | Deep Dive |
| CVE-2024-12395 | WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' | amitwpdeveloper | Additional Fees For WooCommerce Checkout | Medium | 6.1 | 2024-12-17 11:10:19 | Deep Dive |
| CVE-2023-41803 | WordPress BitPay Checkout for WooCommerce plugin <= 4.1.0 - Broken Access Control vulnerability | BitPay | BitPay Checkout for WooCommerce | Medium | 5.3 | 2024-12-13 14:24:18 | Deep Dive |
| CVE-2023-37969 | WordPress Checkout with Zelle on Woocommerce plugin <= 3.1 - Broken Access Control vulnerability | The African Boss | Checkout with Zelle on Woocommerce | Medium | 5.3 | 2024-12-13 14:23:51 | Deep Dive |
| CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability | heolixfy | Flexible Woocommerce Checkout Field Editor | High | 8.2 | 2024-12-09 11:30:12 | Deep Dive |
| CVE-2024-9635 | Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting | theafricanboss | Checkout with Cash App on WooCommerce | Medium | 6.1 | 2024-11-23 06:54:54 | Deep Dive |
| CVE-2024-11362 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.1 | 2024-11-23 03:25:50 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-8499 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice | themehigh | Checkout Field Editor (Checkout Manager) for WooCommerce | Medium | 4.7 | 2024-10-04 12:46:53 | Deep Dive |
| CVE-2024-43316 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability | Checkout Plugins | Stripe Payments For WooCommerce by Checkout | Medium | 4.3 | 2024-08-26 20:36:44 | Deep Dive |
| CVE-2024-43315 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability | Checkout Plugins | Stripe Payments For WooCommerce by Checkout | High | 7.5 | 2024-08-18 21:32:22 | Deep Dive |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 4.3 | 2024-07-24 05:31:56 | Deep Dive |
| CVE-2024-5192 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 6.4 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2023-47681 | WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability | QuadLayers | WooCommerce Checkout Manager | Medium | 6.5 | 2024-06-19 11:07:45 | Deep Dive |
| CVE-2024-4632 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 6.4 | 2024-06-19 08:33:58 | Deep Dive |
| CVE-2024-35658 | WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability | ThemeHigh | Checkout Field Editor for WooCommerce (Pro) | High | 8.6 | 2024-06-10 15:45:09 | Deep Dive |
| CVE-2024-31267 | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability | WP Desk | Flexible Checkout Fields for WooCommerce | Medium | 4.3 | 2024-06-09 11:14:37 | Deep Dive |
| CVE-2024-4608 | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | artbees | SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster | Medium | 6.4 | 2024-06-06 03:32:53 | Deep Dive |