| CVE-2026-24542 | WordPress WP Term Order plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) vulnerability | John James Jacoby | WP Term Order | Medium | - | 2026-01-23 14:28:52 | Deep Dive |
| CVE-2026-22481 | WordPress BD Courier Order Ratio Checker plugin <= 2.0.1 - Broken Access Control vulnerability | Rasedul Haque Rumi | BD Courier Order Ratio Checker | Medium | 4.3 | 2026-01-22 16:52:42 | Deep Dive |
| CVE-2025-68018 | WordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerability | StackWC | Order Listener for WooCommerce | - | - | 2026-01-22 16:52:04 | Deep Dive |
| CVE-2025-68004 | WordPress My Post Order plugin <= 1.2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Kapil Chugh | My Post Order | - | - | 2026-01-22 16:52:00 | Deep Dive |
| CVE-2025-14626 | QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes | www15to | QR Code for WooCommerce order emails, PDF invoices, packing slips | Medium | 6.4 | 2026-01-07 09:20:57 | Deep Dive |
| CVE-2025-13531 | Stylish Order Form Builder <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter | hayyatapps | Stylish Order Form Builder | Medium | 6.4 | 2026-01-07 08:21:51 | Deep Dive |
| CVE-2025-49352 | WordPress Order Cancellation & Returns for WooCommerce plugin <= 1.1.10 - Insecure Direct Object References (IDOR) vulnerability | YoOhw Studio | Order Cancellation & Returns for WooCommerce | Medium | 4.3 | 2025-12-31 16:25:45 | Deep Dive |
| CVE-2025-63024 | WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability | tychesoftwares | Order Delivery Date for WooCommerce | Medium | 5.4 | 2025-12-09 14:52:29 | Deep Dive |
| CVE-2025-13389 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.3 | 2025-11-25 07:28:22 | Deep Dive |
| CVE-2025-13452 | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 4.3 | 2025-11-25 07:28:20 | Deep Dive |
| CVE-2025-13526 | OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure | walterpinem | OneClick Chat to Order | High | 7.5 | 2025-11-22 11:08:39 | Deep Dive |
| CVE-2025-66097 | WordPress I Order Terms plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) vulnerability | Igor Jerosimić | I Order Terms | Medium | 4.3 | 2025-11-21 12:30:00 | Deep Dive |
| CVE-2025-66086 | WordPress SMS Alert Order Notifications plugin <= 3.8.8 - Broken Access Control vulnerability | Cozy Vision | SMS Alert Order Notifications | Medium | 5.3 | 2025-11-21 12:29:58 | Deep Dive |
| CVE-2025-66071 | WordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerability | tychesoftwares | Custom Order Numbers for WooCommerce | Medium | - | 2025-11-21 12:29:56 | Deep Dive |
| CVE-2025-64382 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.7 - Broken Access Control vulnerability | WebToffee | Order Export & Order Import for WooCommerce | Medium | - | 2025-11-13 09:24:35 | Deep Dive |
| CVE-2025-12621 | Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update | wpdesk | Flexible Refund and Return Order for WooCommerce | Medium | 5.3 | 2025-11-08 07:26:28 | Deep Dive |
| CVE-2025-58972 | WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.10.4 - Path Traversal vulnerability | Dmitry V. (CEO of "UKR Solution") | Barcode Scanner with Inventory & Order Manager | Medium | - | 2025-11-06 15:54:30 | Deep Dive |
| CVE-2025-49957 | WordPress Email Attachment by Order Status & Products Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability | Weboccult Technologies Pvt Ltd | Email Attachment by Order Status & Products | - | - | 2025-10-22 14:32:20 | Deep Dive |
| CVE-2025-49915 | WordPress SMS Alert Order Notifications plugin <= 3.8.5 - SQL Injection vulnerability | Cozy Vision | SMS Alert Order Notifications | Critical | 9.3 | 2025-10-22 14:32:12 | Deep Dive |
| CVE-2025-10570 | Flexible Refund and Return Order for WooCommerce <= 1.0.38 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order Refund | wpdesk | Flexible Refund and Return Order for WooCommerce | Medium | 4.3 | 2025-10-22 06:40:59 | Deep Dive |