| CVE-2025-30839 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.2.1 - Broken Access Control vulnerability | magepeopleteam | Taxi Booking Manager for WooCommerce | Medium | 5.3 | 2025-03-27 10:55:23 | Deep Dive |
| CVE-2025-30801 | WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability | Abu Bakar | TWB Woocommerce Reviews | Medium | 4.3 | 2025-03-27 10:54:54 | Deep Dive |
| CVE-2025-30791 | WordPress Cart tracking for WooCommerce plugin <= 1.0.16 - SQL Injection Vulnerability | wpdever | Cart tracking for WooCommerce | High | 7.6 | 2025-03-27 10:54:51 | Deep Dive |
| CVE-2025-30781 | WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability | WPFactory | Scheduled & Automatic Order Status Controller for WooCommerce | Medium | 4.7 | 2025-03-27 10:54:45 | Deep Dive |
| CVE-2025-30772 | WordPress WPC Smart Upsell Funnel for WooCommerce plugin <= 3.0.4 - Arbitrary Option Update to Privilege Escalation vulnerability | WPClever | WPC Smart Upsell Funnel for WooCommerce | High | 8.8 | 2025-03-27 10:54:38 | Deep Dive |
| CVE-2025-26929 | WordPress Accounting for WooCommerce plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability | Bastien Ho | Accounting for WooCommerce | Medium | 5.9 | 2025-03-26 14:42:49 | Deep Dive |
| CVE-2025-28942 | WordPress Trust Payments Gateway for WooCommerce plugin <= 1.1.4 - SQL Injection vulnerability | Trust Payments | Trust Payments Gateway for WooCommerce | Critical | 9.3 | 2025-03-26 14:24:26 | Deep Dive |
| CVE-2025-28889 | WordPress Custom Product Stickers for Woocommerce plugin <= 1.9.0 - Reflected Cross Site Scripting (XSS) vulnerability | starblank | Custom Product Stickers for Woocommerce | High | 7.1 | 2025-03-26 14:24:23 | Deep Dive |
| CVE-2025-26566 | WordPress In Stock Mailer for WooCommerce Plugin <= 2.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Frank | In Stock Mailer for WooCommerce | High | 7.1 | 2025-03-26 14:24:20 | Deep Dive |
| CVE-2025-26541 | WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability | CodeSolz | Bitcoin / AltCoin Payment Gateway for WooCommerce | High | 7.1 | 2025-03-26 14:24:18 | Deep Dive |
| CVE-2025-1913 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.2 | 2025-03-26 11:55:53 | Deep Dive |
| CVE-2025-1911 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | Low | 2.7 | 2025-03-26 11:55:53 | Deep Dive |
| CVE-2025-1912 | Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | High | 7.6 | 2025-03-26 11:55:52 | Deep Dive |
| CVE-2025-1769 | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Product Import Export for WooCommerce – Import Export Product CSV Suite | Medium | 4.9 | 2025-03-26 11:22:09 | Deep Dive |
| CVE-2025-1514 | Active Products Tables for WooCommerce <= 1.0.6.7 - Unauthenticated Arbitrary Filter Call | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | High | 7.3 | 2025-03-26 08:21:51 | Deep Dive |
| CVE-2024-12109 | Product Labels For Woocommerce < 1.5.9 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | Medium | - | 2025-03-25 06:00:11 | Deep Dive |
| CVE-2024-10638 | Product Labels For Woocommerce < 1.5.11 - Admin+ SQLi | Unknown | Product Labels For Woocommerce (Sale Badges) | Medium | - | 2025-03-25 06:00:09 | Deep Dive |
| CVE-2025-2186 | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit <= 3.5.1 - Unauthenticated SQL Injection via 'automationId' | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 7.5 | 2025-03-22 12:42:12 | Deep Dive |
| CVE-2025-1311 | WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection | wclovers | WCFM – Multivendor Marketplace REST API for WooCommerce | Medium | 6.5 | 2025-03-22 06:41:12 | Deep Dive |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Order Export & Order Import for WooCommerce | High | 7.2 | 2025-03-20 11:11:28 | Deep Dive |