| CVE-2025-4055 | Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode | josj404 | Multiple Post Type Order | Medium | 6.4 | 2025-05-07 01:43:09 | Deep Dive |
| CVE-2025-2907 | Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update | Unknown | Order Delivery Date | High | - | 2025-04-26 06:00:05 | Deep Dive |
| CVE-2025-1284 | Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure | xpertsclub | Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) | Medium | 4.3 | 2025-04-24 08:23:49 | Deep Dive |
| CVE-2025-23858 | WordPress Custom Users Order Plugin <= 4.2 - Reflected Cross Site Scripting (XSS) vulnerability | Hiren Patel | Custom Users Order | High | 7.1 | 2025-04-17 15:48:28 | Deep Dive |
| CVE-2025-30729 | Oracle Communications Applications security vulnerability | Oracle Corporation | Oracle Communications Order and Service Management | Medium | 5.5 | 2025-04-15 20:31:18 | Deep Dive |
| CVE-2025-2805 | ORDER POST <= 2.0.2 - Unauthenticated Arbitrary Shortcode Execution | vikashsrivastava1111989 | ORDER POST | High | 7.3 | 2025-04-10 07:02:40 | Deep Dive |
| CVE-2025-32645 | WordPress Custom Posts Order Plugin <= 4.4 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | Hiren Patel | Custom Posts Order | High | 7.1 | 2025-04-09 16:09:21 | Deep Dive |
| CVE-2025-32263 | WordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerability | BeRocket | Sequential Order Numbers for WooCommerce | Medium | 4.3 | 2025-04-04 15:59:39 | Deep Dive |
| CVE-2025-31089 | WordPress Order Splitter for WooCommerce plugin <= 5.3.0 - SQL Injection Vulnerability | Fahad Mahmood | Order Splitter for WooCommerce | High | 8.5 | 2025-04-01 20:58:10 | Deep Dive |
| CVE-2025-31445 | WordPress Pages Order plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability | Sed Lex | Pages Order | High | 7.1 | 2025-04-01 20:58:10 | Deep Dive |
| CVE-2024-13553 | SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Critical | 9.8 | 2025-04-01 11:12:29 | Deep Dive |
| CVE-2025-22667 | WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability | Creative Werk Designs | Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets | Medium | 4.3 | 2025-03-27 14:24:01 | Deep Dive |
| CVE-2025-30781 | WordPress Scheduled & Automatic Order Status Controller for WooCommerce plugin <= 3.7.1 - Open Redirection Vulnerability | WPFactory | Scheduled & Automatic Order Status Controller for WooCommerce | Medium | 4.7 | 2025-03-27 10:54:45 | Deep Dive |
| CVE-2024-13920 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function | webtoffee | Order Export & Order Import for WooCommerce | Medium | 4.9 | 2025-03-20 11:11:28 | Deep Dive |
| CVE-2024-13921 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter | webtoffee | Order Export & Order Import for WooCommerce | High | 7.2 | 2025-03-20 11:11:28 | Deep Dive |
| CVE-2024-13922 | Order Export & Order Import for WooCommerce <= 2.6.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | webtoffee | Order Export & Order Import for WooCommerce | Low | 2.7 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2024-13923 | Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function | webtoffee | Order Export & Order Import for WooCommerce | High | 7.6 | 2025-03-20 11:11:26 | Deep Dive |
| CVE-2025-26553 | WordPress Pre Order Addon for WooCommerce plugin <= 1.0.7 - Reflected Cross-Site Scripting | Spring Devs | Pre Order Addon for WooCommerce – Advance Order/Backorder Plugin | High | 7.1 | 2025-03-15 21:57:01 | Deep Dive |
| CVE-2025-26933 | WordPress Place Order Without Payment for WooCommerce plugin <= 2.6.7 - Local File Inclusion vulnerability | Nitin Prakash | WC Place Order Without Payment | High | 7.5 | 2025-03-10 14:34:39 | Deep Dive |
| CVE-2025-26984 | WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - Reflected Cross Site Scripting (XSS) vulnerability | Cozy Vision | SMS Alert Order Notifications | High | 7.1 | 2025-03-03 13:30:42 | Deep Dive |