| CVE-2025-0864 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.6 - Reflected Cross-Site Scripting | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | Medium | 6.1 | 2025-02-18 07:28:15 | Deep Dive |
| CVE-2024-13315 | Shopwarden – Automated WooCommerce monitoring & testing <= 1.0.11 - Cross-Site Request Forgery to Arbitrary Options Update | shopwarden | Shopwarden – Automated WooCommerce monitoring & testing | High | 8.8 | 2025-02-18 05:22:28 | Deep Dive |
| CVE-2024-13622 | File Uploads Addon for WooCommerce <= 1.7.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | imagisol | File Uploads Addon for WooCommerce | High | 7.5 | 2025-02-18 04:21:19 | Deep Dive |
| CVE-2024-13540 | WooODT Lite – Delivery & pickup date time location for WooCommerce <= 2.5.1 - Unauthenticated Full Path Disclosure | mdalabar | WooODT Lite – Delivery & pickup date time location for WooCommerce | Medium | 5.3 | 2025-02-18 04:21:15 | Deep Dive |
| CVE-2024-13538 | BigBuy Dropshipping Connector for WooCommerce <= 2.0.0 - Unauthenticated Full Path Disclosure | devsmip | BigBuy Dropshipping Connector for WooCommerce | Medium | 5.3 | 2025-02-18 04:21:11 | Deep Dive |
| CVE-2024-13525 | Customer Email Verification for WooCommerce <= 2.9.4 - Authenticated (Contributor+) Sensitive Information Exposure | wpcodefactory | Customer Email Verification for WooCommerce | Medium | 6.5 | 2025-02-15 08:25:07 | Deep Dive |
| CVE-2024-13513 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.3 - Sensitive Information Exposure to Privilege Escalation | oliverpos | Oliver POS – A WooCommerce Point of Sale (POS) | Critical | 9.8 | 2025-02-15 07:33:41 | Deep Dive |
| CVE-2025-24592 | WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability | SysBasics | Customize My Account for WooCommerce | High | 7.1 | 2025-02-14 12:44:35 | Deep Dive |
| CVE-2025-23789 | WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | tahminajannat | URL Shortener \| Conversion Tracking \| AB Testing \| WooCommerce | High | 7.1 | 2025-02-14 12:44:33 | Deep Dive |
| CVE-2024-13735 | HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name | nlemsieh | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | Medium | 6.4 | 2025-02-14 09:21:32 | Deep Dive |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.4 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13641 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.9 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13346 | Avada Theme <= 7.11.13 - Unauthenticated Arbitrary Shortcode Execution | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | High | 7.3 | 2025-02-13 06:58:05 | Deep Dive |
| CVE-2024-13528 | Customer Email Verification for WooCommerce <= 2.9.5 - Authentication Bypass via Shortcode | wpcodefactory | Customer Email Verification for WooCommerce | High | 7.5 | 2025-02-12 09:22:48 | Deep Dive |
| CVE-2024-11746 | Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | samdani | GS Brands for WooCommerce | Medium | 6.4 | 2025-02-12 04:22:14 | Deep Dive |
| CVE-2024-13487 | CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function | villatheme | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | High | 7.3 | 2025-02-06 06:53:41 | Deep Dive |
| CVE-2025-24373 | Unrestricted Access to PDF Documents via URL Manipulation in woocommerce-pdf-invoices-packing-slips | wpovernight | woocommerce-pdf-invoices-packing-slips | Medium | - | 2025-02-04 18:45:51 | Deep Dive |
| CVE-2025-22674 | WordPress Product Blocks for WooCommerce plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability | Get Bowtied | Product Blocks for WooCommerce | Medium | 6.5 | 2025-02-04 14:21:58 | Deep Dive |
| CVE-2025-24661 | WordPress Taxi Booking Manager for WooCommerce plugin <= 1.1.8 - PHP Object Injection vulnerability | magepeopleteam | Taxi Booking Manager for WooCommerce | High | 8.8 | 2025-02-03 14:23:54 | Deep Dive |
| CVE-2025-22694 | WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability | Dotstore | Hide Shipping Method For WooCommerce | Medium | 4.3 | 2025-02-03 14:23:53 | Deep Dive |