| CVE-2025-58598 | WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability | Klarna | Klarna Order Management for WooCommerce | Medium | 6.6 | 2025-09-03 14:36:38 | Deep Dive |
| CVE-2024-13342 | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | High | 8.1 | 2025-08-29 10:54:02 | Deep Dive |
| CVE-2025-54029 | WordPress WooCommerce csv import export Plugin <= 2.0.6 - Arbitrary File Deletion Vulnerability | extendons | WooCommerce csv import export | High | 7.7 | 2025-08-28 12:37:34 | Deep Dive |
| CVE-2025-48358 | WordPress Risk Free Cash On Delivery (COD) – WooCommerce plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability | everythingwp | Risk Free Cash On Delivery (COD) – WooCommerce | Medium | 5.9 | 2025-08-28 12:37:08 | Deep Dive |
| CVE-2025-6255 | Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter | plugincy | Dynamic AJAX Product Filters for WooCommerce | Medium | 6.4 | 2025-08-28 06:42:36 | Deep Dive |
| CVE-2025-8073 | Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter | plugincy | Dynamic AJAX Product Filters for WooCommerce | Medium | 6.4 | 2025-08-28 06:42:35 | Deep Dive |
| CVE-2024-8860 | Tourfic <= 2.14.5 - Missing Authorization in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2025-08-26 07:06:04 | Deep Dive |
| CVE-2025-7827 | Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update | anzia | Ni WooCommerce Customer Product Report | Medium | 4.3 | 2025-08-23 04:25:46 | Deep Dive |
| CVE-2025-48148 | WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability | StoreKeeper B.V. | StoreKeeper for WooCommerce | Critical | 10.0 | 2025-08-20 08:03:34 | Deep Dive |
| CVE-2025-53213 | WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability | ELEXtensions | ReachShip WooCommerce Multi-Carrier & Conditional Shipping | Critical | 9.9 | 2025-08-20 08:03:17 | Deep Dive |
| CVE-2025-54713 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.3.0 - Broken Authentication vulnerability | magepeopleteam | Taxi Booking Manager for WooCommerce | Critical | 9.8 | 2025-08-20 08:02:52 | Deep Dive |
| CVE-2025-8618 | WPC Smart Quick View for WooCommerce <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via woosq_btn Shortcode | wpclever | WPC Smart Quick View for WooCommerce | Medium | 6.4 | 2025-08-20 04:26:20 | Deep Dive |
| CVE-2025-7654 | Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 8.8 | 2025-08-19 07:26:28 | Deep Dive |
| CVE-2025-7496 | WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | wpclever | WPC Smart Compare for WooCommerce | Medium | 6.4 | 2025-08-19 03:39:04 | Deep Dive |
| CVE-2025-8898 | Taxi Booking Manager for Woocommerce \| E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover | magepeopleteam | E-cab Taxi Booking Manager for Woocommerce | Critical | 9.8 | 2025-08-16 06:39:23 | Deep Dive |
| CVE-2024-8393 | Woocommerce Blocks – Woolook <= 1.7.0 - Authenticated (Admin+) Local File Inclusion | delabon | Woocommerce Blocks – Woolook | Medium | 6.6 | 2025-08-16 03:38:52 | Deep Dive |
| CVE-2025-6025 | Order Tip for WooCommerce <= 1.5.4 - Unauthenticated Tip Manipulation to Negative Value Leading to Unauthorized Discounts | railmedia | Order Tip for WooCommerce | High | 7.5 | 2025-08-15 02:24:23 | Deep Dive |
| CVE-2025-8342 | WooCommerce OTP Login With Phone Number, OTP Verification <= 1.8.47 - Authentication Bypass | glboy | OTP Login With Phone Number, OTP Verification | High | 8.1 | 2025-08-15 02:24:22 | Deep Dive |
| CVE-2025-53575 | WordPress Primer MyData for Woocommerce Plugin <= 4.2.5 - Cross Site Request Forgery (CSRF) Vulnerability | primersoftware | Primer MyData for Woocommerce | High | 7.1 | 2025-08-14 18:21:54 | Deep Dive |
| CVE-2025-54697 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.16 - Privilege Escalation Vulnerability | StellarWP | Kadence WooCommerce Email Designer | High | 7.2 | 2025-08-14 10:34:54 | Deep Dive |