| CVE-2025-5746 | Drag and Drop Multiple File Upload (Pro) - WooCommerce <= 1.7.1 and 5.0 - 5.0.5 - Unauthenticated Arbitrary File Upload | CodeDropz | Drag and Drop Multiple File Upload (Pro) - WooCommerce | Critical | 9.8 | 2025-07-02 03:47:24 | Deep Dive |
| CVE-2025-53281 | WordPress WPB Category Slider for WooCommerce plugin <= 1.71 - Local File Inclusion Vulnerability | WPBean | WPB Category Slider for WooCommerce | High | 7.5 | 2025-06-27 13:21:21 | Deep Dive |
| CVE-2025-53271 | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability | Anton Bond | Additional Order Filters for WooCommerce | High | 7.1 | 2025-06-27 13:21:14 | Deep Dive |
| CVE-2025-53203 | WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability | EDGARROJAS | WooCommerce PDF Invoice Builder | Medium | 4.3 | 2025-06-27 13:21:01 | Deep Dive |
| CVE-2025-24774 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | mojoomla | WPCRM - CRM for Contact form CF7 & WooCommerce | High | 7.1 | 2025-06-27 11:52:47 | Deep Dive |
| CVE-2025-28947 | WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability | snstheme | MBStore - Digital WooCommerce WordPress Theme | High | 8.1 | 2025-06-27 11:52:44 | Deep Dive |
| CVE-2025-30972 | WordPress Woocommerce Line Notify plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability | iamapinan | Woocommerce Line Notify | High | 7.1 | 2025-06-27 11:52:39 | Deep Dive |
| CVE-2025-49885 | WordPress Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin <= 5.0.6 - Arbitrary File Upload Vulnerability | HaruTheme | Drag and Drop Multiple File Upload (Pro) - WooCommerce | Critical | 10.0 | 2025-06-27 11:52:31 | Deep Dive |
| CVE-2023-25998 | WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability | snstheme | Samex - Clean, Minimal Shop WooCommerce WordPress Theme | High | 8.1 | 2025-06-27 11:52:13 | Deep Dive |
| CVE-2025-23967 | WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability | wpopal | GG Bought Together for WooCommerce | Critical | 9.3 | 2025-06-27 11:52:12 | Deep Dive |
| CVE-2025-23973 | WordPress SpecFit-Virtual Try On Woocommerce plugin <= 8.0.3 - Cross Site Scripting (XSS) vulnerability | dugudlabs | SpecFit-Virtual Try On Woocommerce | High | 7.1 | 2025-06-27 11:52:11 | Deep Dive |
| CVE-2025-5813 | Amazon Products to WooCommerce <= 1.2.7 - Missing Authorization to Unauthenticated Arbitrary Product Creation | suhailahmad64 | Amazon Products to WooCommerce | Medium | 5.3 | 2025-06-26 02:22:23 | Deep Dive |
| CVE-2025-49998 | WordPress WooCommerce Fortnox Integration plugin <= 4.5.5 - Broken Access Control Vulnerability | Wetail | WooCommerce Fortnox Integration | Medium | 5.4 | 2025-06-20 15:04:05 | Deep Dive |
| CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability | cscode | WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily | Medium | 5.4 | 2025-06-20 15:04:05 | Deep Dive |
| CVE-2025-50045 | WordPress Related Products Manager for WooCommerce plugin <= 1.6.2 - Cross Site Scripting (XSS) Vulnerability | ProWCPlugins | Related Products Manager for WooCommerce | Medium | 6.5 | 2025-06-20 15:03:50 | Deep Dive |
| CVE-2025-52783 | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | themelocation | Change Cart button Colors WooCommerce | High | 7.1 | 2025-06-20 15:03:44 | Deep Dive |
| CVE-2025-6201 | Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode | alekv | Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | Medium | 6.4 | 2025-06-19 02:10:37 | Deep Dive |
| CVE-2025-1562 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.3 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | Critical | 9.8 | 2025-06-18 07:22:44 | Deep Dive |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability | YITHEMES | YITH PayPal Express Checkout for WooCommerce | Medium | 4.3 | 2025-06-17 15:01:44 | Deep Dive |
| CVE-2025-24773 | WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - SQL Injection Vulnerability | mojoomla | WPCRM - CRM for Contact form CF7 & WooCommerce | Critical | 9.3 | 2025-06-17 15:01:40 | Deep Dive |