| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-2296 | Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter | acowebs | Product Addons for Woocommerce – Product Options with Custom Fields | High | 7.2 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-2001 | WowRevenue <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation | wpxpo | WowRevenue – Product Bundles & Bulk Discounts | High | 8.8 | 2026-02-16 19:24:03 | Deep Dive |
| CVE-2026-1988 | Flexi Product Slider and Grid for WooCommerce <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion via 'theme' Shortcode Attribute | wpdecent | Flexi Product Slider and Grid for WooCommerce | High | 7.5 | 2026-02-14 06:42:38 | Deep Dive |
| CVE-2019-25334 | Product Key Explorer 4.2.0.0 - 'Name' Denial of Service | Nsasoft | Nsauditor Product Key Explorer | Medium | 6.2 | 2026-02-12 22:48:44 | Deep Dive |
| CVE-2020-37203 | Office Product Key Finder 1.5.4 - Denial of Service | Nsasoft | Nsauditor Office Product Key Finder | High | 7.5 | 2026-02-11 20:37:23 | Deep Dive |
| CVE-2020-37179 | APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service | Nsasoft | Nsauditor APKF Product Key Finder | High | 7.5 | 2026-02-11 20:37:03 | Deep Dive |
| CVE-2025-13391 | Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion | MooMoo | Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) | Medium | 5.8 | 2026-02-11 16:25:10 | Deep Dive |
| CVE-2020-37131 | Product Key Explorer 4.2.2.0 - 'Key' Denial of Service | Nsauditor | Product Key Explorer | Medium | 6.2 | 2026-02-05 16:13:35 | Deep Dive |
| CVE-2025-15260 | MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification | lwsdevelopers | MyRewards | Medium | 6.5 | 2026-02-04 08:25:28 | Deep Dive |
| CVE-2026-24992 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability | WPFactory | Advanced WooCommerce Product Sales Reporting | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2022-50950 | Webile 1.0.1 Directory Traversal Vulnerability via Web Application | Product Owner: Webile | Webile | Medium | 6.5 | 2026-02-01 12:56:57 | Deep Dive |
| CVE-2026-24588 | WordPress Smart Product Viewer plugin <= 1.5.4 - Broken Access Control vulnerability | topdevs | Smart Product Viewer | Medium | 4.3 | 2026-01-23 14:29:01 | Deep Dive |
| CVE-2026-24562 | WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability | Ryviu | Ryviu – Product Reviews for WooCommerce | 中危 | - | 2026-01-23 14:28:55 | Deep Dive |
| CVE-2026-21969 | Oracle Supply Chain Products Suite 安全漏洞 | Oracle Corporation | Oracle Agile Product Lifecycle Management for Process | Critical | 9.8 | 2026-01-20 21:56:35 | Deep Dive |
| CVE-2026-21944 | Oracle Supply Chain Products Suite 安全漏洞 | Oracle Corporation | Oracle Agile Product Lifecycle Management for Process | Medium | 6.5 | 2026-01-20 21:56:28 | Deep Dive |
| CVE-2025-15526 | Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Full Path Disclosure via 'pdf' Parameter | radykal | Fancy Product Designer | Medium | 5.3 | 2026-01-16 04:44:34 | Deep Dive |
| CVE-2026-0497 | Missing Authorization check in Business Server Pages Application (Product Designer Web UI) | SAP_SE | Business Server Pages Application (Product Designer Web UI) | Medium | 4.3 | 2026-01-13 01:13:36 | Deep Dive |
| CVE-2026-0592 | code-projects Online Product Reservation System User Registration register_code.php sql injection | code-projects | Online Product Reservation System | High | 7.3 | 2026-01-05 13:32:06 | Deep Dive |
| CVE-2026-0591 | code-projects Online Product Reservation System Cart Update update.php sql injection | code-projects | Online Product Reservation System | Medium | 6.3 | 2026-01-05 13:02:06 | Deep Dive |
| CVE-2026-0590 | code-projects Online Product Reservation System POST Parameter delete.php sql injection | code-projects | Online Product Reservation System | Medium | 6.3 | 2026-01-05 12:32:06 | Deep Dive |