| CVE-2025-22694 | WordPress Hide Shipping Method For WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability | Dotstore | Hide Shipping Method For WooCommerce | Medium | 4.3 | 2025-02-03 14:23:53 | Deep Dive |
| CVE-2025-24639 | WordPress Korea for WooCommerce plugin <= 1.1.11 - Sensitive Data Exposure vulnerability | Greys | Korea for WooCommerce | Medium | 6.5 | 2025-02-03 14:22:48 | Deep Dive |
| CVE-2025-24574 | WordPress PeproDev WooCommerce Receipt Uploader plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability | Pepro Dev. Group | PeproDev WooCommerce Receipt Uploader | High | 7.1 | 2025-02-03 14:22:47 | Deep Dive |
| CVE-2024-13775 | WooCommerce Support Ticket System <= 17.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Information Exposure | vanquish | WooCommerce Support Ticket System | Medium | 5.4 | 2025-02-01 12:21:31 | Deep Dive |
| CVE-2024-11829 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2025-02-01 06:41:52 | Deep Dive |
| CVE-2024-13341 | MultiLoca - WooCommerce Multi Locations Inventory Management <= 4.1.11 - Authenticated (Subscriber+) SQL Injection | Techspawn | MultiLoca - WooCommerce Multi Locations Inventory Management | Medium | 6.5 | 2025-02-01 06:41:51 | Deep Dive |
| CVE-2024-13343 | WooCommerce Customers Manager <= 31.3 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation | Vanquish | WooCommerce Customers Manager | High | 8.8 | 2025-02-01 03:21:11 | Deep Dive |
| CVE-2024-13472 | WooCommerce Product Table Lite <= 3.9.4 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | wcproducttable | Product Table and List Builder for WooCommerce Lite | High | 7.3 | 2025-01-31 09:21:23 | Deep Dive |
| CVE-2025-24632 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.9.0 - Reflected Cross Site Scripting (XSS) vulnerability | algol.plus | Advanced Dynamic Pricing for WooCommerce | High | 7.1 | 2025-01-31 08:24:41 | Deep Dive |
| CVE-2025-24597 | WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability | Dmitry V. (CEO of "UKR Solution") | Barcode Generator for WooCommerce | Medium | 6.5 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2025-24551 | WordPress Radio Buttons and Swatches for WooCommerce plugin <= 1.1.20 - Reflected Cross Site Scripting (XSS) vulnerability | oneteamsoftware | Radio Buttons and Swatches for WooCommerce | High | 7.1 | 2025-01-31 08:24:40 | Deep Dive |
| CVE-2024-13623 | Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | webfactory | Order Export for WooCommerce | Medium | 5.9 | 2025-01-31 06:40:18 | Deep Dive |
| CVE-2024-13415 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce <= 5.1.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update | techlabpro1 | Food Menu – Restaurant Menu & Online Ordering for WooCommerce | Medium | 4.3 | 2025-01-31 05:22:35 | Deep Dive |
| CVE-2024-13424 | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update | anzia | Ni Sales Commission For WooCommerce | Medium | 4.3 | 2025-01-31 05:22:35 | Deep Dive |
| CVE-2025-0493 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.14 - Unauthenticated Limited Local File Inclusion | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Critical | 9.8 | 2025-01-31 04:21:47 | Deep Dive |
| CVE-2024-10591 | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics <= 1.5.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Options Update | makewebbetter | MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics | High | 8.8 | 2025-01-30 13:42:09 | Deep Dive |
| CVE-2024-12861 | W2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read | villatheme | W2S – Migrate WooCommerce to Shopify | Medium | 6.5 | 2025-01-30 13:42:04 | Deep Dive |
| CVE-2024-13652 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | ecpaytechsupport | ECPay Ecommerce for WooCommerce | Medium | 4.3 | 2025-01-30 13:41:59 | Deep Dive |
| CVE-2024-13694 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function | moreconvert | MoreConvert Wishlist for WooCommerce | High | 7.5 | 2025-01-30 08:21:26 | Deep Dive |
| CVE-2024-13696 | Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter | wpdesk | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later | High | 7.2 | 2025-01-29 07:21:27 | Deep Dive |