| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation | wpswings | Subscriptions for WooCommerce | Medium | 5.3 | 2026-03-18 03:37:15 | Deep Dive |
| CVE-2026-32586 | WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability | Pluggabl | Booster for WooCommerce | - | - | 2026-03-17 08:24:13 | Deep Dive |
| CVE-2026-2579 | WowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter | wpxpo | WowStore – Store Builder & Product Blocks for WooCommerce | High | 7.5 | 2026-03-17 01:24:29 | Deep Dive |
| CVE-2026-32457 | WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.18 - Broken Access Control vulnerability | Wombat Plugins | Advanced Product Fields (Product Addons) for WooCommerce | 中危 | - | 2026-03-13 11:42:23 | Deep Dive |
| CVE-2026-32450 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | RealMag777 | Active Products Tables for WooCommerce | 中危 | - | 2026-03-13 11:42:21 | Deep Dive |
| CVE-2026-32443 | WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery (CSRF) vulnerability | Josh Kohlbach | Product Feed PRO for WooCommerce | 中危 | - | 2026-03-13 11:42:20 | Deep Dive |
| CVE-2026-32412 | WordPress Gift Up Gift Cards for WordPress and WooCommerce plugin <= 3.1.7 - Server Side Request Forgery (SSRF) vulnerability | Gift Up! | Gift Up Gift Cards for WordPress and WooCommerce | 中危 | - | 2026-03-13 11:42:15 | Deep Dive |
| CVE-2026-32410 | WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability | WBW Plugins | WBW Currency Switcher for WooCommerce | 中危 | - | 2026-03-13 11:42:14 | Deep Dive |
| CVE-2026-32407 | WordPress WPC Smart Wishlist for WooCommerce plugin <= 5.0.8 - Broken Access Control vulnerability | WPClever | WPC Smart Wishlist for WooCommerce | 中危 | - | 2026-03-13 11:42:14 | Deep Dive |
| CVE-2026-32406 | WordPress WPC Product Bundles for WooCommerce plugin <= 8.4.5 - Broken Access Control vulnerability | WPClever | WPC Product Bundles for WooCommerce | 中危 | - | 2026-03-13 11:42:13 | Deep Dive |
| CVE-2026-32398 | WordPress TeraWallet – For WooCommerce plugin <= 1.5.15 - Race Condition vulnerability | Subrata Mal | TeraWallet – For WooCommerce | 中危 | - | 2026-03-13 11:42:12 | Deep Dive |
| CVE-2026-32372 | WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 3.2.4 - Sensitive Data Exposure vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | 中危 | - | 2026-03-13 11:42:07 | Deep Dive |
| CVE-2026-31919 | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.7.1 - Broken Access Control vulnerability | Josh Kohlbach | Advanced Coupons for WooCommerce Coupons | 中危 | - | 2026-03-13 11:41:54 | Deep Dive |
| CVE-2026-3891 | Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload | linknacional | Pix for WooCommerce | Critical | 9.8 | 2026-03-13 07:23:38 | Deep Dive |
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field | themehigh | Checkout Field Editor (Checkout Manager) for WooCommerce | High | 7.2 | 2026-03-11 09:25:45 | Deep Dive |
| CVE-2026-3589 | WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF | Automattic | WooCommerce | 中危 | - | 2026-03-06 09:11:11 | Deep Dive |
| CVE-2026-28114 | WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability | firassaidi | WooCommerce License Manager | 中危 | - | 2026-03-05 05:54:28 | Deep Dive |
| CVE-2026-27376 | WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability | JanStudio | Claue - Clean, Minimal Elementor WooCommerce Theme | 中危 | - | 2026-03-05 05:53:57 | Deep Dive |
| CVE-2026-27374 | WordPress WooCommerce Order Details plugin <= 3.1 - Broken Access Control vulnerability | vanquish | WooCommerce Order Details | 中危 | - | 2026-03-05 05:53:56 | Deep Dive |
| CVE-2026-27354 | WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability | WebCodingPlace | WooCommerce Coming Soon Product with Countdown | 中危 | - | 2026-03-05 05:53:54 | Deep Dive |