| CVE-2025-7726 | The7 <= 12.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title and data-dt-img-description Attributes | Dream-Theme | The7 — Website and eCommerce Builder for WordPress | Medium | 6.4 | 2025-08-09 13:45:05 | Deep Dive |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-08-01 04:24:29 | Deep Dive |
| CVE-2025-6989 | Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion | hogash | KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme | High | 8.1 | 2025-07-26 07:23:52 | Deep Dive |
| CVE-2025-6991 | Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion | hogash | KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme | High | 7.5 | 2025-07-26 07:23:52 | Deep Dive |
| CVE-2025-8198 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.9.0 - Unauthenticated Price Manipulation | ThemeMove | MinimogWP – The High Converting eCommerce WordPress Theme | High | 7.5 | 2025-07-26 05:45:53 | Deep Dive |
| CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-07-11 06:43:33 | Deep Dive |
| CVE-2025-52807 | WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability | ApusWP | Kossy - Minimalist eCommerce WordPress Theme | High | 8.1 | 2025-07-04 11:17:54 | Deep Dive |
| CVE-2025-49331 | WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability | impleCode | eCommerce Product Catalog | High | 7.2 | 2025-06-17 15:01:23 | Deep Dive |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 6.4 | 2025-05-29 08:22:03 | Deep Dive |
| CVE-2025-4868 | merikbest ecommerce-spring-reactjs File Upload Endpoint admin path traversal | merikbest | ecommerce-spring-reactjs | Medium | 6.3 | 2025-05-18 09:00:06 | Deep Dive |
| CVE-2024-11140 | Real WP Shop Lite Ajax eCommerce Shopping Cart <= 2.0.8 - Admin+ Stored XSS | Unknown | Real WP Shop Lite Ajax eCommerce Shopping Cart | - | - | 2025-05-15 20:06:47 | Deep Dive |
| CVE-2025-3862 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | Medium | 6.4 | 2025-05-08 11:13:45 | Deep Dive |
| CVE-2025-3975 | ScriptAndTools eCommerce-website-in-PHP subscriber-csv.php information disclosure | ScriptAndTools | eCommerce-website-in-PHP | Medium | 5.3 | 2025-04-27 15:31:05 | Deep Dive |
| CVE-2025-3557 | ScriptAndTools eCommerce-website-in-PHP cross-site request forgery | ScriptAndTools | eCommerce-website-in-PHP | Medium | 4.3 | 2025-04-14 08:00:12 | Deep Dive |
| CVE-2025-3556 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | ScriptAndTools | eCommerce-website-in-PHP | Low | 3.7 | 2025-04-14 07:31:05 | Deep Dive |
| CVE-2025-3555 | ScriptAndTools eCommerce-website-in-PHP login.php excessive authentication | ScriptAndTools | eCommerce-website-in-PHP | Low | 3.7 | 2025-04-14 07:00:11 | Deep Dive |
| CVE-2025-2841 | Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure | reality66 | Cart66 Cloud :: WordPress Ecommerce The Easy Way | Medium | 5.3 | 2025-04-12 02:23:15 | Deep Dive |
| CVE-2025-32195 | WordPress Ecwid Shopping Cart plugin <= 7.0 - Cross Site Scripting (XSS) vulnerability | Ecwid by Lightspeed Ecommerce Shopping Cart | Ecwid Shopping Cart | Medium | 6.5 | 2025-04-04 15:59:07 | Deep Dive |
| CVE-2024-54362 | WordPress GetShop ecommerce plugin <= 1.3 - Path Traversal vulnerability | boggibill | GetShop ecommerce | High | 8.1 | 2025-03-28 15:12:25 | Deep Dive |
| CVE-2025-2252 | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy <= 3.3.6.1 - Unauthenticated Private Post Title Disclosure | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 5.3 | 2025-03-25 07:04:55 | Deep Dive |