| CVE-2025-30618 | WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability | yuliaz | Rapyd Payment Extension for WooCommerce | Critical | 9.8 | 2025-06-17 15:01:38 | Deep Dive |
| CVE-2025-48118 | WordPress Woocommerce Partial Shipment plugin <= 3.2 - SQL Injection Vulnerability | WpExperts Hub | Woocommerce Partial Shipment | High | 8.5 | 2025-06-17 15:01:32 | Deep Dive |
| CVE-2025-5238 | YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | yithemes | YITH WooCommerce Wishlist | Medium | 6.4 | 2025-06-14 09:23:34 | Deep Dive |
| CVE-2025-4200 | Zagg - Electronics & Accessories WooCommerce WordPress Theme <= 1.4.1 - Unauthenticated Local File Inclusion | BZOTheme | Zagg - Electronics & Accessories WooCommerce WordPress Theme | High | 8.1 | 2025-06-14 08:23:24 | Deep Dive |
| CVE-2025-49510 | WordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability | WPFactory | Min Max Step Quantity Limits Manager for WooCommerce | Medium | 4.3 | 2025-06-10 12:36:35 | Deep Dive |
| CVE-2025-4387 | Abandoned Cart Pro for WooCommerce <= 9.16.0 - Authenticated (Subscriber+) Arbitrary File Upload | Tyche Softwares | Abandoned Cart Pro for WooCommerce | High | 8.8 | 2025-06-10 03:41:38 | Deep Dive |
| CVE-2023-25999 | WordPress BodyCenter - Gym, Fitness WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability | snstheme | BodyCenter - Gym, Fitness WooCommerce WordPress Theme | High | 8.1 | 2025-06-09 15:56:59 | Deep Dive |
| CVE-2025-24767 | WordPress TicketBAI Facturas para WooCommerce plugin <= 3.19 - SQL Injection Vulnerability | facturaone | TicketBAI Facturas para WooCommerce | Critical | 9.3 | 2025-06-09 15:56:57 | Deep Dive |
| CVE-2025-28945 | WordPress Valen - Sport, Fashion WooCommerce WordPress Theme <= 2.4 - Local File Inclusion Vulnerability | snstheme | Valen - Sport, Fashion WooCommerce WordPress Theme | High | 8.1 | 2025-06-09 15:56:51 | Deep Dive |
| CVE-2025-47463 | WordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control Vulnerability | Fahad Mahmood | Stock Locations for WooCommerce | High | 7.1 | 2025-06-09 15:54:13 | Deep Dive |
| CVE-2025-47487 | WordPress MC Woocommerce Wishlist plugin <= 1.9.1 - Cross Site Scripting (XSS) Vulnerability | Moreconvert Team | MC Woocommerce Wishlist | High | 7.1 | 2025-06-09 15:54:11 | Deep Dive |
| CVE-2025-47608 | WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability | sonalsinha21 | Recover abandoned cart for WooCommerce | Critical | 9.3 | 2025-06-09 15:54:08 | Deep Dive |
| CVE-2025-48123 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Remote Code Execution (RCE) Vulnerability | Holest Engineering | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | Critical | 10.0 | 2025-06-09 15:54:06 | Deep Dive |
| CVE-2025-48122 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - SQL Injection Vulnerability | Holest Engineering | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | Critical | 9.3 | 2025-06-09 15:54:06 | Deep Dive |
| CVE-2025-48124 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Arbitrary File Download Vulnerability | Holest Engineering | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | High | 7.5 | 2025-06-09 15:54:05 | Deep Dive |
| CVE-2025-48129 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Privilege Escalation Vulnerability | Holest Engineering | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | Critical | 9.8 | 2025-06-09 15:54:03 | Deep Dive |
| CVE-2025-49265 | WordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control Vulnerability | WP Swings | Membership For WooCommerce | High | 7.5 | 2025-06-09 15:53:53 | Deep Dive |
| CVE-2025-5568 | WpEvently <= 4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | magepeopleteam | Event Booking Manager for WooCommerce | Medium | 6.4 | 2025-06-07 11:17:51 | Deep Dive |
| CVE-2025-24762 | WordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerability | facturaone | TicketBAI Facturas para WooCommerce | Medium | 5.4 | 2025-06-06 12:54:40 | Deep Dive |
| CVE-2025-28984 | WordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability | storepro | Subscription Renewal Reminders for WooCommerce | Medium | 4.3 | 2025-06-06 12:54:31 | Deep Dive |