| CVE-2025-1458 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.29 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-26 05:34:23 | Deep Dive |
| CVE-2025-3743 | Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation | wpswings | Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. | Medium | 5.3 | 2025-04-25 06:45:29 | Deep Dive |
| CVE-2025-3775 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.2 - Unauthenticated Server-Side Request Forgery via URL Parameter | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.5 | 2025-04-25 04:23:05 | Deep Dive |
| CVE-2025-46489 | WordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control Vulnerability | vinodvaswani9 | Bulk Assign Linked Products For WooCommerce | Medium | 5.3 | 2025-04-24 16:09:22 | Deep Dive |
| CVE-2025-39378 | WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnerability | Holest Engineering | Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | High | 7.5 | 2025-04-24 16:08:39 | Deep Dive |
| CVE-2025-39391 | WordPress Checkout Field Visibility for WooCommerce plugin <= 1.3.0 - Local File Inclusion vulnerability | zamartz | Checkout Field Visibility for WooCommerce | Medium | - | 2025-04-24 16:08:34 | Deep Dive |
| CVE-2025-3280 | ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes <= 1.4.9 - Authenticated (Subscriber+) SQL Injection | elextensions | ELEX WooCommerce Bulk Edit Products, Prices & Attributes (Basic) | Medium | 6.5 | 2025-04-24 08:23:52 | Deep Dive |
| CVE-2025-1284 | Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure | xpertsclub | Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) | Medium | 4.3 | 2025-04-24 08:23:49 | Deep Dive |
| CVE-2025-46244 | WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerability | Dotstore | Advanced Linked Variations for Woocommerce | Medium | 5.3 | 2025-04-22 09:53:30 | Deep Dive |
| CVE-2025-46243 | WordPress Recover abandoned cart for WooCommerce plugin <= 2.2 - Cross Site Request Forgery (CSRF) Vulnerability | sonalsinha21 | Recover abandoned cart for WooCommerce | Medium | 4.3 | 2025-04-22 09:53:29 | Deep Dive |
| CVE-2025-3814 | Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter | wijnbergdevelopments | Tax Switch for WooCommerce | Medium | 6.4 | 2025-04-22 05:27:25 | Deep Dive |
| CVE-2025-1457 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) <= 5.10.28 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | bdthemes | Element Pack – Widgets, Templates & Addons for Elementor | Medium | 6.4 | 2025-04-19 03:21:25 | Deep Dive |
| CVE-2025-3598 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter | elliotvs | Coupon Affiliates – Affiliate Plugin for WooCommerce | Medium | 6.1 | 2025-04-18 05:23:00 | Deep Dive |
| CVE-2025-24553 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.22.3 - Reflected Cross Site Scripting (XSS) vulnerability | Akadrama | Shipping with Venipak for WooCommerce | High | 7.1 | 2025-04-17 15:48:22 | Deep Dive |
| CVE-2025-24586 | WordPress Shipment Tracker for Woocommerce plugin <= 1.4.23 - Cross Site Scripting (XSS) vulnerability | bitsstech | Shipment Tracker for Woocommerce | High | 7.1 | 2025-04-17 15:48:19 | Deep Dive |
| CVE-2025-27322 | WordPress QR Code for WooCommerce Plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | Bappa Mal | QR Code for WooCommerce | High | 7.1 | 2025-04-17 15:47:58 | Deep Dive |
| CVE-2025-27324 | WordPress 17TRACK for WooCommerce Plugin <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability | 17track | 17TRACK for WooCommerce | High | 7.1 | 2025-04-17 15:47:57 | Deep Dive |
| CVE-2025-27343 | WordPress WooCommerce HTML5 Video Plugin <= 1.7.10 - Reflected Cross Site Scripting (XSS) vulnerability | Webilop | WooCommerce HTML5 Video | High | 7.1 | 2025-04-17 15:47:55 | Deep Dive |
| CVE-2025-32511 | WordPress Make Email Customizer for WooCommerce plugin <= 1.0.6 - Reflected Cross Site Scripting (XSS) vulnerability | Excellent Dynamics | Make Email Customizer for WooCommerce | High | 7.1 | 2025-04-17 15:47:47 | Deep Dive |
| CVE-2025-32512 | WordPress Revamp CRM for WooCommerce plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | revampcrm | Revamp CRM for WooCommerce | High | 7.1 | 2025-04-17 15:47:46 | Deep Dive |