| CVE-2025-26888 | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability | Amir Helzer | WooCommerce Multilingual & Multicurrency | Medium | 5.3 | 2025-04-09 19:35:43 | Deep Dive |
| CVE-2025-31032 | WordPress Pagopar – WooCommerce Gateway plugin <= 2.7.1 - CSRF to Stored XSS vulnerability | Pagopar - Grupo M S.A. | Pagopar – WooCommerce Gateway | High | 7.1 | 2025-04-09 16:10:14 | Deep Dive |
| CVE-2025-32570 | WordPress ChillPay WooCommerce Plugin <= 2.5.3 - CSRF to Stored XSS vulnerability | ChillPay | ChillPay WooCommerce | High | 7.1 | 2025-04-09 16:09:35 | Deep Dive |
| CVE-2025-32659 | WordPress FraudLabs Pro for WooCommerce plugin <= 2.22.8 - CSRF to Stored XSS vulnerability | fraudlabspro | FraudLabs Pro for WooCommerce | High | 7.1 | 2025-04-09 16:09:20 | Deep Dive |
| CVE-2025-2568 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce 1.0.4 - 1.2.1 - Missing Authorization to Unauthenticated Limited Arbitrary Options Update | themehunk | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce | Medium | 5.3 | 2025-04-08 11:11:31 | Deep Dive |
| CVE-2025-2941 | Drag and Drop Multiple File Upload for WooCommerce <= 1.1.4 - Unauthenticated Arbitrary File Move | glenwpcoder | Drag and Drop Multiple File Upload for WooCommerce | Critical | 9.8 | 2025-04-05 07:01:11 | Deep Dive |
| CVE-2025-2789 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.19 - Missing Authorization to Unauthenticated Table Rates Deletion | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Medium | 5.3 | 2025-04-05 05:32:14 | Deep Dive |
| CVE-2025-32271 | WordPress Woocommerce Role Pricing Plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability | ablancodev | Woocommerce Role Pricing | Medium | 4.3 | 2025-04-04 15:59:45 | Deep Dive |
| CVE-2025-32263 | WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability | BeRocket | Sequential Order Numbers for WooCommerce | Medium | 4.3 | 2025-04-04 15:59:39 | Deep Dive |
| CVE-2025-32241 | WordPress Official CleverReach WooCommerce Integration plugin <= 3.4.6 - CSRF to Settings Change vulnerability | CleverReach® | Official CleverReach Plugin for WooCommerce | Medium | 6.5 | 2025-04-04 15:59:23 | Deep Dive |
| CVE-2025-32234 | WordPress AdMail plugin <= 1.7.0 - Broken Access Control vulnerability | aleswebs | AdMail – Multilingual Back in-Stock Notifier for WooCommerce | Medium | 4.3 | 2025-04-04 15:59:20 | Deep Dive |
| CVE-2025-32207 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerability | Anzar Ahmed | Ni WooCommerce Cost Of Goods | Medium | 6.5 | 2025-04-04 15:59:12 | Deep Dive |
| CVE-2025-32181 | WordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.58 - Stored Cross Site Scripting (XSS) vulnerability | Fast Simon | Search, Filters & Merchandising for WooCommerce | Medium | 6.5 | 2025-04-04 15:58:57 | Deep Dive |
| CVE-2025-22285 | WordPress Pallet Packaging for WooCommerce Plugin <= 1.1.15 - Broken Access Control vulnerability | enituretechnology | Pallet Packaging for WooCommerce | 中危 | - | 2025-04-04 13:53:34 | Deep Dive |
| CVE-2025-31405 | WordPress Fami WooCommerce Compare plugin <= 1.0.5 - Local File Inclusion vulnerability | zankover | Fami WooCommerce Compare | High | 7.5 | 2025-04-04 13:26:11 | Deep Dive |
| CVE-2024-13708 | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Stored Cross-Site Scripting | pluggabl | Booster for WooCommerce | High | 7.2 | 2025-04-04 05:22:47 | Deep Dive |
| CVE-2024-13744 | Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload | pluggabl | Booster for WooCommerce | High | 8.1 | 2025-04-04 04:21:23 | Deep Dive |
| CVE-2025-31794 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability | Web Ready Now | WR Price List Manager For Woocommerce | Medium | 5.4 | 2025-04-03 13:27:14 | Deep Dive |
| CVE-2025-31795 | WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability | Plugin Devs | Shopify to WooCommerce Migration | Medium | 6.5 | 2025-04-03 13:27:14 | Deep Dive |
| CVE-2025-31758 | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerability | BinaryCarpenter | Free Woocommerce Product Table View | Medium | 6.5 | 2025-04-03 13:27:13 | Deep Dive |