| CVE-2026-25397 | WordPress File Uploader for WooCommerce plugin <= 1.0.4 - Path Traversal vulnerability | Snowray Software | File Uploader for WooCommerce | High | 7.5 | 2026-03-25 16:14:48 | Deep Dive |
| CVE-2026-25396 | WordPress Commerce Coinbase For WooCommerce plugin <= 1.6.6 - Broken Access Control vulnerability | CoderPress | Commerce Coinbase For WooCommerce | Medium | - | 2026-03-25 16:14:48 | Deep Dive |
| CVE-2026-25328 | WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability | add-ons.org | Product File Upload for WooCommerce | Medium | 6.8 | 2026-03-25 16:14:41 | Deep Dive |
| CVE-2026-25317 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability | tychesoftwares | Print Invoice & Delivery Notes for WooCommerce | Medium | - | 2026-03-25 16:14:40 | Deep Dive |
| CVE-2026-24993 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.3 - SQL Injection vulnerability | WPFactory | Advanced WooCommerce Product Sales Reporting | Critical | 9.3 | 2026-03-25 16:14:36 | Deep Dive |
| CVE-2026-24372 | WordPress Subscriptions for WooCommerce plugin <= 1.8.10 - Bypass Vulnerability vulnerability | WP Swings | Subscriptions for WooCommerce | Medium | - | 2026-03-25 16:14:32 | Deep Dive |
| CVE-2026-23977 | WordPress Helpdesk Support Ticket System for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | WPFactory | Helpdesk Support Ticket System for WooCommerce | High | 7.5 | 2026-03-25 16:14:31 | Deep Dive |
| CVE-2026-22480 | WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability | WebToffee | Product Feed for WooCommerce | High | 7.2 | 2026-03-25 16:14:22 | Deep Dive |
| CVE-2026-3138 | Product Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLE | woobewoo | Product Filter for WooCommerce by WBW | Medium | 6.5 | 2026-03-24 04:27:49 | Deep Dive |
| CVE-2026-4001 | Woocommerce Custom Product Addons Pro <= 5.4.1 - Unauthenticated Remote Code Execution via Custom Pricing Formula | acowebs | Woocommerce Custom Product Addons Pro | Critical | 9.8 | 2026-03-23 23:25:49 | Deep Dive |
| CVE-2025-13997 | King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure | kingaddons | King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | Medium | 5.3 | 2026-03-23 06:41:08 | Deep Dive |
| CVE-2025-10679 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | High | 7.3 | 2026-03-23 05:29:39 | Deep Dive |
| CVE-2025-10734 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 5.3 | 2026-03-23 05:29:39 | Deep Dive |
| CVE-2025-10731 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 5.3 | 2026-03-23 05:29:38 | Deep Dive |
| CVE-2025-10736 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 6.5 | 2026-03-23 04:26:48 | Deep Dive |
| CVE-2026-3474 | EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter | roxnor | EmailKit – Email Customizer for WooCommerce & WP | Medium | 4.9 | 2026-03-20 23:25:14 | Deep Dive |
| CVE-2026-2421 | ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter | ghera74 | ilGhera Carta Docente for WooCommerce | Medium | 6.5 | 2026-03-20 08:25:58 | Deep Dive |
| CVE-2026-25443 | WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability | Dotstore | Fraud Prevention For Woocommerce | High | 7.5 | 2026-03-19 08:36:32 | Deep Dive |
| CVE-2026-27540 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Arbitrary File Upload vulnerability | Rymera Web Co Pty Ltd. | Woocommerce Wholesale Lead Capture | Critical | - | 2026-03-19 05:24:46 | Deep Dive |
| CVE-2026-27542 | WordPress Woocommerce Wholesale Lead Capture plugin <= 2.0.3.1 - Privilege Escalation vulnerability | Rymera Web Co Pty Ltd. | Woocommerce Wholesale Lead Capture | Critical | - | 2026-03-19 05:22:50 | Deep Dive |