| CVE-2026-39656 | WordPress Razorpay for WooCommerce plugin <= 4.8.2 - Broken Access Control vulnerability | Razorpay | Razorpay for WooCommerce | - | - | 2026-04-08 08:30:36 | Deep Dive |
| CVE-2026-39645 | WordPress GlobalPayments WooCommerce plugin <= 1.18.0 - Server Side Request Forgery (SSRF) vulnerability | Global Payments | GlobalPayments WooCommerce | - | - | 2026-04-08 08:30:33 | Deep Dive |
| CVE-2026-39643 | WordPress Payment Plugins for PayPal WooCommerce plugin <= 2.0.13 - Broken Access Control vulnerability | Payment Plugins | Payment Plugins for PayPal WooCommerce | - | - | 2026-04-08 08:30:32 | Deep Dive |
| CVE-2026-39542 | WordPress Doofinder for WooCommerce plugin <= 2.10.13 - Sensitive Data Exposure vulnerability | Doofinder | Doofinder for WooCommerce | - | - | 2026-04-08 08:30:18 | Deep Dive |
| CVE-2026-39508 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1.1 - Cross Site Scripting (XSS) vulnerability | Josh Kohlbach | Advanced Coupons for WooCommerce Coupons | - | - | 2026-04-08 08:30:14 | Deep Dive |
| CVE-2026-2838 | Whole Enquiry Cart for WooCommerce <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'woowhole_success_msg' Parameter | idealwebdesignlk | Whole Enquiry Cart for WooCommerce | Medium | 4.4 | 2026-04-08 06:43:42 | Deep Dive |
| CVE-2026-3311 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Progress Bar | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2026-04-08 05:29:00 | Deep Dive |
| CVE-2026-3499 | Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce 13.4.6 - 13.5.2.1 - Cross-Site Request Forgery to Multiple Administrative Actions | jkohlbach | Product Feed PRO for WooCommerce by AdTribes – Product Feeds for WooCommerce | High | 8.8 | 2026-04-08 01:24:44 | Deep Dive |
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode | getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | Medium | 6.4 | 2026-04-04 11:16:14 | Deep Dive |
| CVE-2026-4896 | WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation | wclovers | WCFM – Frontend Manager for WooCommerce | High | 8.1 | 2026-04-04 07:42:00 | Deep Dive |
| CVE-2025-13535 | King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets | kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | Medium | 6.4 | 2026-04-01 14:37:34 | Deep Dive |
| CVE-2025-15484 | Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass | Unknown | Order Notification for WooCommerce | - | - | 2026-04-01 06:00:05 | Deep Dive |
| CVE-2026-1710 | WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax | woocommerce | WooPayments: Integrated WooCommerce Payments | Medium | 6.5 | 2026-03-31 04:25:32 | Deep Dive |
| CVE-2025-12886 | Oxygen <= 6.0.8 - Unauthenticated Server-Side Request Forgery via route_path | Laborator | Oxygen - WooCommerce WordPress Theme | High | 7.2 | 2026-03-28 02:26:37 | Deep Dive |
| CVE-2026-32526 | WordPress Abandoned Cart Recovery for WooCommerce plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability | VillaTheme | Abandoned Cart Recovery for WooCommerce | Medium | - | 2026-03-25 16:15:09 | Deep Dive |
| CVE-2026-32522 | WordPress WooCommerce Support Ticket System plugin < 18.5 - Arbitrary File Deletion vulnerability | vanquish | WooCommerce Support Ticket System | Medium | - | 2026-03-25 16:15:08 | Deep Dive |
| CVE-2026-31920 | WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - SQL Injection vulnerability | Devteam HaywoodTech | Product Rearrange for WooCommerce | Medium | - | 2026-03-25 16:14:57 | Deep Dive |
| CVE-2026-31921 | WordPress Product Rearrange for WooCommerce plugin <= 1.2.2 - Broken Access Control vulnerability | Devteam HaywoodTech | Product Rearrange for WooCommerce | Medium | - | 2026-03-25 16:14:57 | Deep Dive |
| CVE-2026-27045 | WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability | sbthemes | WooCommerce Infinite Scroll | High | 8.8 | 2026-03-25 16:14:53 | Deep Dive |
| CVE-2026-25469 | WordPress ViaBill – WooCommerce plugin <= 1.1.53 - Settings Change vulnerability | ViaBill for WooCommerce | ViaBill – WooCommerce | Medium | 6.5 | 2026-03-25 16:14:52 | Deep Dive |