| CVE-2024-12416 | Woomotiv <= 3.6.1 - Unauthenticated SQL Injection | delabon | Live Sales Notification for Woocommerce – Woomotiv | High | 7.5 | 2025-01-07 03:21:57 | Deep Dive |
| CVE-2024-11934 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | formaloo | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce | Medium | 6.4 | 2025-01-07 03:21:55 | Deep Dive |
| CVE-2024-12402 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation | themescoder | TC Ecommerce – Create Android & iOS Apps for WooCommerce | Critical | 9.8 | 2025-01-07 03:21:54 | Deep Dive |
| CVE-2023-40327 | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability | Putler / Storeapps | Putler Connector for WooCommerce | Medium | 6.5 | 2025-01-02 14:59:14 | Deep Dive |
| CVE-2024-38691 | WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability | Metorik | Metorik – Reports & Email Automation for WooCommerce | Medium | 4.3 | 2025-01-02 12:01:04 | Deep Dive |
| CVE-2023-46635 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability | YITHEMES | YITH WooCommerce Product Add-Ons | Medium | - | 2025-01-02 12:00:27 | Deep Dive |
| CVE-2023-45101 | WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability | CusRev | Customer Reviews for WooCommerce | Medium | - | 2025-01-02 11:59:49 | Deep Dive |
| CVE-2024-56207 | WordPress EditionGuard for WooCommerce – eBook Sales with DRM plugin <= 3.4.2 - CSRF to Privilege Escalation vulnerability | EditionGuard | EditionGuard for WooCommerce – eBook Sales with DRM | High | 8.8 | 2024-12-31 13:33:49 | Deep Dive |
| CVE-2023-50850 | WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability | Woo | WooCommerce Subscriptions | Medium | 4.3 | 2024-12-31 12:46:11 | Deep Dive |
| CVE-2024-56228 | WordPress Wishlist for WooCommerce: Multi Wishlists Per Customer plugin <= 3.1.2 - Reflected Cross Site Scripting (XSS) vulnerability | WPFactory | Wishlist for WooCommerce | High | 7.1 | 2024-12-31 10:28:23 | Deep Dive |
| CVE-2024-56265 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerability | wpweb | WooCommerce PDF Vouchers | High | 7.1 | 2024-12-31 10:14:04 | Deep Dive |
| CVE-2024-56230 | WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin <= 1.1.3 - Local File Inclusion vulnerability | Maidul | Dynamic Product Category Grid, Slider for WooCommerce | High | 7.5 | 2024-12-31 09:58:32 | Deep Dive |
| CVE-2024-11842 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF | Unknown | DN Shipping by Weight for WooCommerce | Medium | - | 2024-12-27 06:00:15 | Deep Dive |
| CVE-2024-11281 | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change | Webkul | WooCommerce Point of Sale | Critical | 9.8 | 2024-12-25 06:42:13 | Deep Dive |
| CVE-2024-12413 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization | webwizardsdev | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | Medium | 5.3 | 2024-12-25 03:21:32 | Deep Dive |
| CVE-2024-12032 | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 6.5 | 2024-12-25 03:21:31 | Deep Dive |
| CVE-2024-12210 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion | tychesoftwares | Print Invoice & Delivery Notes for WooCommerce | Medium | 4.3 | 2024-12-24 05:23:44 | Deep Dive |
| CVE-2024-12266 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization | elextensions | ELEX WooCommerce Dynamic Pricing and Discounts | Medium | 6.5 | 2024-12-24 04:22:44 | Deep Dive |
| CVE-2024-12721 | Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection | webbuilder143 | Custom Product tabs for WooCommerce | High | 7.2 | 2024-12-21 07:03:00 | Deep Dive |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | wpswings | One Click Upsell Funnel for Woocommerce | Medium | 6.4 | 2024-12-21 07:03:00 | Deep Dive |