| CVE-2024-13317 | ShipWorks Connector for Woocommerce <= 5.2.5 - Cross-Site Request Forgery to Service Password/Username Update | advancedcreation | ShipWorks Connector for Woocommerce | Medium | 4.3 | 2025-01-18 07:05:08 | Deep Dive |
| CVE-2025-23452 | WordPress EditionGuard for WooCommerce plugin <= 3.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | EditionGuard | EditionGuard for WooCommerce – eBook Sales with DRM | High | 7.1 | 2025-01-16 20:06:06 | Deep Dive |
| CVE-2025-23429 | WordPress Altima Lookbook Free for WooCommerce plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | altima-interactive | Altima Lookbook Free for WooCommerce | 中危 | - | 2025-01-16 20:05:50 | Deep Dive |
| CVE-2024-13355 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.4 | 2025-01-16 09:39:14 | Deep Dive |
| CVE-2025-22724 | WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability | MojofyWP | Product Carousel For WooCommerce – WoorouSell | Medium | 6.5 | 2025-01-15 15:23:37 | Deep Dive |
| CVE-2025-22731 | WordPress Build Private Store For Woocommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) vulnerability | silverplugins217 | Build Private Store For Woocommerce | Medium | 4.3 | 2025-01-15 15:23:36 | Deep Dive |
| CVE-2025-22782 | WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability | Web Ready Now | WR Price List Manager For Woocommerce | Critical | 9.9 | 2025-01-15 15:23:13 | Deep Dive |
| CVE-2025-22337 | WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | infosoftplugin | Order Audit Log for WooCommerce | High | 7.1 | 2025-01-13 13:11:35 | Deep Dive |
| CVE-2024-12412 | Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently | WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting | magepeopleteam | Booking and Rental Manager for Bike | Car | Resort | Appointment | Dress | Equipment | Medium | 6.1 | 2025-01-11 07:21:53 | Deep Dive |
| CVE-2024-12116 | Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure | codepopular | Unlimited Theme Addon For Elementor | Medium | 4.3 | 2025-01-11 07:21:52 | Deep Dive |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | Medium | 5.4 | 2025-01-11 02:20:55 | Deep Dive |
| CVE-2024-12627 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | High | 7.5 | 2025-01-11 02:20:54 | Deep Dive |
| CVE-2025-22307 | WordPress Product Table for WooCommerce plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability | Saiful Islam | Product Table for WooCommerce | High | 7.1 | 2025-01-09 15:39:33 | Deep Dive |
| CVE-2025-22505 | WordPress NC Wishlist for Woocommerce Plugin <= 1.0.1 - SQL Injection vulnerability | Crispweb | NC Wishlist for Woocommerce | High | 8.5 | 2025-01-09 15:39:29 | Deep Dive |
| CVE-2025-22801 | WordPress Free WooCommerce Theme 99fy Extension plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | HasThemes | Free WooCommerce Theme 99fy Extension | Medium | 6.5 | 2025-01-09 15:39:21 | Deep Dive |
| CVE-2025-22803 | WordPress Advanced Product Information for WooCommerce plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability | VillaTheme | Advanced Product Information for WooCommerce | Medium | 6.5 | 2025-01-09 15:39:20 | Deep Dive |
| CVE-2025-22809 | WordPress PDF Catalog Woocommerce plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | theme funda | PDF Catalog Woocommerce | Medium | 6.5 | 2025-01-09 15:39:06 | Deep Dive |
| CVE-2025-22818 | WordPress S3Player plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability | S3Bubble | S3Player – WooCommerce & Elementor Integration | Medium | 6.5 | 2025-01-09 15:39:01 | Deep Dive |
| CVE-2024-11815 | Pósturinn\'s Shipping with WooCommerce <= 1.3.1 - Reflected Cross-Site Scripting | posturinn | Pósturinn\'s Shipping with WooCommerce | Medium | 6.1 | 2025-01-09 11:11:01 | Deep Dive |
| CVE-2024-12218 | Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | phoeniixx | Woocommerce check pincode/zipcode for shipping | Medium | 6.1 | 2025-01-09 11:10:59 | Deep Dive |