| CVE-2024-13920 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Order Export & Order Import for WooCommerce | Medium | 4.9 | 2025-03-20 11:11:28 | Deep Dive |
| CVE-2024-13558 | NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure | gplsaver | NP Quote Request for WooCommerce | High | 7.5 | 2025-03-20 11:11:27 | Deep Dive |
| CVE-2024-13923 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Order Export & Order Import for WooCommerce | High | 7.6 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Order Export & Order Import for WooCommerce | Low | 2.7 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2025-26875 | WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.3 - SQL Injection vulnerability | silverplugins217 | Multiple Shipping And Billing Address For Woocommerce | Critical | 9.3 | 2025-03-15 21:57:02 | Deep Dive |
| CVE-2025-26899 | WordPress Recapture for WooCommerce Plugin <= 1.0.43 - CSRF to Settings Change vulnerability | Recapture Cart Recovery and Email Marketing | Recapture for WooCommerce | Medium | 6.5 | 2025-03-15 21:57:02 | Deep Dive |
| CVE-2025-26553 | WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting | Spring Devs | Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin | High | 7.1 | 2025-03-15 21:57:01 | Deep Dive |
| CVE-2024-12336 | WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all | codexpert | WC Affiliate – WooCommerce Affiliate Plugin | Medium | 6.5 | 2025-03-15 03:23:25 | Deep Dive |
| CVE-2024-13824 | CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection | Potenzaglobalsolutions | CiyaShop - Multipurpose WooCommerce Theme | Critical | 9.8 | 2025-03-14 06:43:18 | Deep Dive |
| CVE-2025-1527 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2025-03-12 11:13:33 | Deep Dive |
| CVE-2024-12589 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer | djeet | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | Medium | 6.4 | 2025-03-12 07:00:23 | Deep Dive |
| CVE-2025-1661 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Critical | 9.8 | 2025-03-11 03:22:19 | Deep Dive |
| CVE-2025-1363 | easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS | Unknown | URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce | Low | - | 2025-03-09 06:00:05 | Deep Dive |
| CVE-2025-1362 | easy-broken-link-checker <= 9.0.2 - Bulk Actions via CSRF | Unknown | URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce | Medium | - | 2025-03-09 06:00:04 | Deep Dive |
| CVE-2024-13359 | Product Input Fields for WooCommerce <= 1.12.0 - Unauthenticated Limited File Upload | tychesoftwares | Product Input Fields for WooCommerce | High | 8.1 | 2025-03-08 09:22:54 | Deep Dive |
| CVE-2025-1287 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-03-08 08:22:58 | Deep Dive |
| CVE-2024-13640 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | tychesoftwares | Print Invoice & Delivery Notes for WooCommerce | Medium | 5.9 | 2025-03-08 04:21:04 | Deep Dive |
| CVE-2024-13774 | Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scripting via Wishlist Name | wpcodefactory | Wishlist for WooCommerce: Multi Wishlists Per Customer | Medium | 6.1 | 2025-03-08 02:24:05 | Deep Dive |
| CVE-2024-13904 | Platform.ly for WooCommerce <= 1.1.6 - Unauthenticated Blind Server-Side Request Forgery | platformlycom | Platform.ly for WooCommerce | Medium | 5.3 | 2025-03-07 08:21:26 | Deep Dive |
| CVE-2024-10804 | Ultimate Video Player <= 10.0 - Unauthenticated Arbitrary File Download | FWDesign | Ultimate Video Player WordPress & WooCommerce Plugin | High | 7.5 | 2025-03-07 08:21:25 | Deep Dive |