Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 2013 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2025-48248 WordPress Sitewide Discount for WooCommerce: Apply Discount to All Products plugin <= 2.2.1 - Cross Site Scripting (XSS) Vulnerability WPFactorySitewide Discount for WooCommerce: Apply Discount to All Products Medium 6.5 2025-05-19 14:44:56 Deep Dive
CVE-2025-48240 WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability WPFactoryCost of Goods for WooCommerce Medium 6.5 2025-05-19 14:44:53 Deep Dive
CVE-2025-48239 WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability WPFactoryProduct Notes Tab & Private Admin Notes for WooCommerce Medium 6.5 2025-05-19 14:44:53 Deep Dive
CVE-2025-48237 WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability WPFactoryWishlist for WooCommerce Medium 6.5 2025-05-19 14:44:52 Deep Dive
CVE-2025-4101 MultiVendorX – WooCommerce Multivendor Marketplace Solutions <= 4.2.22 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Post Deletion wcmpMultiVendorX – WooCommerce Multivendor Marketplace Solutions Medium 4.3 2025-05-17 12:22:43 Deep Dive
CVE-2022-4363 Wholesale Market <= 2.2.2 - Settings Update via CSRF UnknownWholesale Market--2025-05-16 20:33:46 Deep Dive
CVE-2025-32180 WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability mojofywpProduct Carousel For WooCommerce – WoorouSell Medium 6.5 2025-05-16 15:45:34 Deep Dive
CVE-2025-39537 WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability Blaze ConceptsBetter Customer List for WooCommerce High 7.1 2025-05-16 15:45:23 Deep Dive
CVE-2025-48144 WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability sidngrImport Export For WooCommerce High 7.1 2025-05-16 15:45:16 Deep Dive
CVE-2025-48128 WordPress Sharespine Woocommerce Connector plugin <= 4.7.55 - Broken Access Control Vulnerability SharespineSharespine Woocommerce Connector Medium 4.3 2025-05-16 15:45:12 Deep Dive
CVE-2025-48117 WordPress WooCommerce POS plugin <= 1.7.8 - Broken Access Control Vulnerability kilbotWooCommerce POS Medium 5.3 2025-05-16 15:45:09 Deep Dive
CVE-2024-6478 CTT Expresso para WooCommerce < 3.2.13 - Admin+ Stored XSS UnknownCTT Expresso para WooCommerce--2025-05-15 20:07:07 Deep Dive
CVE-2024-12812 WP ERP < 1.13.4 - Custom+ Unauthorized Access to Terminated Employee Information UnknownWP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting--2025-05-15 20:06:58 Deep Dive
CVE-2024-12808 WP ERP | Complete HR solution with recruitment < 1.13.4 - Admin+ Stored XSS UnknownWP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting--2025-05-15 20:06:57 Deep Dive
CVE-2025-4564 TicketBAI Facturas para WooCommerce <= 3.18 - Unauthenticated Arbitrary File Deletion facturaoneTicketBAI Facturas para WooCommerce Critical 9.8 2025-05-15 11:13:15 Deep Dive
CVE-2025-3876 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Subscriber+) Privilege Escalation via handleWpLoginCreateUserAction Function cozyvision1SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery High 8.8 2025-05-10 11:22:46 Deep Dive
CVE-2025-3878 SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode cozyvision1SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery Medium 6.4 2025-05-10 11:22:46 Deep Dive
CVE-2025-4403 Drag and Drop Multiple File Upload for WooCommerce <= 1.1.6 - Unauthenticated Arbitrary File Upload via upload Function glenwpcoderDrag and Drop Multiple File Upload for WooCommerce Critical 9.8 2025-05-09 08:24:06 Deep Dive
CVE-2024-13793 Wolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore don-themesWolmart | Multi-Vendor Marketplace WooCommerce Theme High 7.3 2025-05-08 04:21:33 Deep Dive
CVE-2025-47649 WordPress Open Close WooCommerce Store plugin <= 5.0.0 - Local File Inclusion vulnerability StackWCOpen Close WooCommerce Store High 8.8 2025-05-07 14:20:44 Deep Dive