Vulnerability List
Found 2013 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-54692 | WordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control Vulnerability | WP Swings | Membership For WooCommerce | High | 7.5 | 2025-08-14 10:34:51 | Deep Dive |
| CVE-2025-54675 | WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability | YITHEMES | YITH WooCommerce Popup | Medium | 4.3 | 2025-08-14 10:34:42 | Deep Dive |
| CVE-2025-54674 | WordPress Product Configurator for WooCommerce Plugin plugin <= 1.4.4 - Cross Site Request Forgery (CSRF) Vulnerability | mklacroix | Product Configurator for WooCommerce | Medium | 5.4 | 2025-08-14 10:34:41 | Deep Dive |
| CVE-2025-28999 | WordPress WooCommerce Shop Page Builder <= 2.27.7 - Cross Site Scripting (XSS) Vulnerability | ZoomIt | WooCommerce Shop Page Builder | High | 7.1 | 2025-08-14 10:34:32 | Deep Dive |
| CVE-2025-30993 | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.7 - Broken Access Control Vulnerability | VillaTheme | Thank You Page Customizer for WooCommerce | Medium | 6.5 | 2025-08-14 10:34:29 | Deep Dive |
| CVE-2025-47610 | WordPress WooCommerce Fortnox Integration <= 4.5.6 - Cross Site Scripting (XSS) Vulnerability | Wetail | WooCommerce Fortnox Integration | Medium | 6.5 | 2025-08-14 10:34:25 | Deep Dive |
| CVE-2025-49887 | WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability | WPFactory | Product XML Feed Manager for WooCommerce | Critical | 9.9 | 2025-08-14 10:34:07 | Deep Dive |
| CVE-2025-52820 | WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability | infosoftplugin | WooCommerce Point Of Sale (POS) | High | 8.5 | 2025-08-14 10:33:57 | Deep Dive |
| CVE-2025-5391 | WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion | bbioon | Purchase Orders for WooCommerce | High | 8.1 | 2025-08-12 02:24:45 | Deep Dive |
| CVE-2025-7646 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-08-01 06:44:32 | Deep Dive |
| CVE-2025-5720 | Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter | ivole | Customer Reviews for WooCommerce | Medium | 6.4 | 2025-07-31 04:26:21 | Deep Dive |
| CVE-2025-7689 | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | themefic | Hydra Booking – All in One Appointment Booking System \| Appointment Scheduling, Booking Calendar & WooCommerce Bookings | High | 8.8 | 2025-07-29 09:23:46 | Deep Dive |
| CVE-2025-6730 | Bonanza – WooCommerce Free Gifts Lite <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Opt In Success | amans2k | Bonanza – WooCommerce Free Gifts Lite | Medium | 4.3 | 2025-07-29 09:23:45 | Deep Dive |
| CVE-2025-6214 | Omnishop <= 1.0.9 - Cross-Site Request Forgery to Arbitrary User Deletion via /users/delete REST Endpoint | omnishop | Omnishop – Mobile shop apps complementing your WooCommerce webshop | Medium | 6.5 | 2025-07-23 02:24:39 | Deep Dive |
| CVE-2025-6215 | Omnishop <= 1.0.9 - Missing Registration Restriction to Unauthenticated Account Creation via /users/register REST Endpoint | omnishop | Omnishop – Mobile shop apps complementing your WooCommerce webshop | Medium | 5.3 | 2025-07-23 02:24:37 | Deep Dive |
| CVE-2025-5767 | Crowdfunding for WooCommerce <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter | wpwham | Crowdfunding for WooCommerce | Medium | 6.4 | 2025-07-18 05:24:00 | Deep Dive |
| CVE-2025-6222 | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload | WP Swings | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet | Critical | 9.8 | 2025-07-18 05:23:57 | Deep Dive |
| CVE-2025-5816 | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details | biteship | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship | Medium | 4.3 | 2025-07-18 04:23:01 | Deep Dive |
| CVE-2025-28955 | WordPress Easy Video Player Wordpress & WooCommerce plugin <= 10.0 - Arbitrary File Download Vulnerability | FWDesign | Easy Video Player Wordpress & WooCommerce | High | 7.5 | 2025-07-16 11:28:13 | Deep Dive |
| CVE-2025-29009 | WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability | Webkul | Medical Prescription Attachment Plugin for WooCommerce | Critical | 10.0 | 2025-07-16 11:28:10 | Deep Dive |