| CVE-2024-13358 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.24 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update | themekraft | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | Medium | 4.3 | 2025-03-01 03:22:19 | Deep Dive |
| CVE-2024-10860 | NextMove Lite – Thank You Page for WooCommerce <= 2.19.0 - Missing Authorization to Authenticated (Subscriber+) Deactivation Reason Submission | xlplugins | NextMove Lite – Thank You Page for WooCommerce | Medium | 4.3 | 2025-02-28 09:22:44 | Deep Dive |
| CVE-2024-8425 | WooCommerce Ultimate Gift Card <= 2.9.2 - Unauthenticated Arbitrary File Upload | WP Swings | WooCommerce Ultimate Gift Card | Critical | 9.8 | 2025-02-28 08:23:17 | Deep Dive |
| CVE-2024-13638 | Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | sldesignpl | Order Attachments for WooCommerce | Medium | 5.9 | 2025-02-28 08:23:17 | Deep Dive |
| CVE-2024-13831 | Tabs for WooCommerce <= 1.0.0 - Authenticated (Shop Manager+) PHP Object Injection in product_has_custom_tabs | wpbranch | Tabs for WooCommerce | High | 7.2 | 2025-02-28 08:23:17 | Deep Dive |
| CVE-2024-10563 | WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS | Unknown | WooCommerce Cart Count Shortcode | Medium | - | 2025-02-26 06:00:06 | Deep Dive |
| CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | Xfinitysoft | Order Limit for WooCommerce | Medium | 4.3 | 2025-02-25 14:17:54 | Deep Dive |
| CVE-2025-26878 | WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability | patternsinthecloud | Autoship Cloud for WooCommerce Subscription Products | Medium | 6.5 | 2025-02-25 14:17:51 | Deep Dive |
| CVE-2025-27355 | WordPress Woocommerce – Loi Hamon Plugin <= 1.1.0 - CSRF to Stored XSS vulnerability | Nicolas GRILLET | Woocommerce – Loi Hamon | High | 7.1 | 2025-02-24 14:49:26 | Deep Dive |
| CVE-2025-27347 | WordPress Direct Checkout Button for WooCommerce plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability | techmix | Direct Checkout Button for WooCommerce | Medium | 6.5 | 2025-02-24 14:49:21 | Deep Dive |
| CVE-2025-27342 | WordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerability | josesan | WooCommerce Recargo de Equivalencia | Medium | 4.3 | 2025-02-24 14:49:20 | Deep Dive |
| CVE-2025-27331 | WordPress WooCommerce Display Products by Tags plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Sébastien Dumont | WooCommerce Display Products by Tags | Medium | 6.5 | 2025-02-24 14:49:15 | Deep Dive |
| CVE-2025-22632 | WordPress WooCommerce Pricing – Product Pricing plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability | totalsoft | WooCommerce Pricing – Product Pricing | High | 7.1 | 2025-02-23 22:55:06 | Deep Dive |
| CVE-2024-13461 | Autoship Cloud for WooCommerce Subscription Products <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | patternsinthecloud | Autoship Cloud for WooCommerce Subscription Products | Medium | 6.4 | 2025-02-21 09:21:05 | Deep Dive |
| CVE-2024-13792 | WooCommerce Food - Restaurant Menu & Food ordering <= 3.3.2 - Unauthenticated Arbitrary Shortcode Execution via ids | Ex-Themes | WooCommerce Food - Restaurant Menu & Food ordering | High | 7.3 | 2025-02-20 09:21:40 | Deep Dive |
| CVE-2024-13520 | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates | codemenschen | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) | Medium | 5.3 | 2025-02-20 09:21:36 | Deep Dive |
| CVE-2025-1064 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode | xootix | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | Medium | 6.4 | 2025-02-20 08:22:07 | Deep Dive |
| CVE-2025-22639 | WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability | Techspawn | Distance Rate Shipping for WooCommerce | High | 8.5 | 2025-02-18 19:54:28 | Deep Dive |
| CVE-2024-13797 | PressMart - Modern Elementor WooCommerce WordPress Theme <= 1.2.16 - Unauthenticated Arbitrary Shortcode Execution | PressLayouts | PressMart - Modern Elementor WooCommerce WordPress Theme | High | 7.3 | 2025-02-18 11:10:18 | Deep Dive |
| CVE-2024-13718 | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification | wpdesk | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later | Medium | 4.3 | 2025-02-18 08:21:43 | Deep Dive |