| CVE-2025-13924 | Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication | maartenbelmans | Advanced Product Fields (Product Addons) for WooCommerce | Medium | 4.3 | 2025-12-09 17:23:32 | Deep Dive |
| CVE-2025-62996 | WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability | Code Amp | Custom Layouts – Post + Product grids made easy | - | - | 2025-12-09 14:52:26 | Deep Dive |
| CVE-2025-67557 | WordPress WP eBay Product Feeds plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability | Rhys Wynne | WP eBay Product Feeds | Medium | 5.9 | 2025-12-09 14:14:09 | Deep Dive |
| CVE-2025-12130 | WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion | wcvendors | WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors | Medium | 4.3 | 2025-12-05 07:26:18 | Deep Dive |
| CVE-2025-10554 | Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x | Dassault Systèmes | ENOVIA Product Manager | High | 8.7 | 2025-11-24 15:31:40 | Deep Dive |
| CVE-2025-66089 | WordPress Product Feed for WooCommerce plugin <= 2.3.1 - Broken Access Control vulnerability | WebToffee | Product Feed for WooCommerce | Medium | 4.3 | 2025-11-21 12:29:59 | Deep Dive |
| CVE-2025-12964 | Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget | nalam-1 | Magical Shop Builder – WooCommerce Template Builder for Elementor \| Shop, Cart, Checkout & Product Page Builder | Medium | 6.4 | 2025-11-21 09:27:01 | Deep Dive |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library | lightgalleryteam | LightGallery WP | Medium | 6.4 | 2025-11-20 06:38:42 | Deep Dive |
| CVE-2025-12639 | wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure | sundayfanz | wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions \| for WooCommerce | Medium | 4.3 | 2025-11-18 09:27:39 | Deep Dive |
| CVE-2025-13088 | Category and Product Woocommerce Tabs <= 1.0 - Authenticated (Contributor+) Local File Inclusion | ikhodal | Category and Product Woocommerce Tabs | High | 8.8 | 2025-11-18 08:27:37 | Deep Dive |
| CVE-2025-60248 | WordPress WPC Product Options for WooCommerce plugin <= 3.1.3 - Local File Inclusion vulnerability | WPClever | WPC Product Options for WooCommerce | Medium | - | 2025-11-06 15:55:21 | Deep Dive |
| CVE-2025-60194 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Local File Inclusion vulnerability | Premmerce | Premmerce Product Search for WooCommerce | High | 7.5 | 2025-11-06 15:54:51 | Deep Dive |
| CVE-2025-64290 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | Premmerce | Premmerce Product Search for WooCommerce | Medium | 4.3 | 2025-10-29 08:38:15 | Deep Dive |
| CVE-2025-64289 | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability | Premmerce | Premmerce Product Search for WooCommerce | - | - | 2025-10-29 08:38:15 | Deep Dive |
| CVE-2025-8416 | Product Filter by WBW <= 2.9.7 - Unauthenticated SQL Injection | woobewoo | Product Filter for WooCommerce by WBW | High | 7.5 | 2025-10-25 06:49:25 | Deep Dive |
| CVE-2025-11269 | Product Filter by WBW <= 3.0.0 - Missing Authorization to Unauthenticated Settings Update | woobewoo | Product Filter for WooCommerce by WBW | Medium | 5.3 | 2025-10-25 05:31:18 | Deep Dive |
| CVE-2025-62061 | WordPress Product Catalog Simple plugin <= 1.8.4 - Cross Site Request Forgery (CSRF) vulnerability | impleCode | Product Catalog Simple | Medium | 4.3 | 2025-10-22 14:32:53 | Deep Dive |
| CVE-2025-62008 | WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability | acowebs | Product Table For WooCommerce | - | - | 2025-10-22 14:32:48 | Deep Dive |
| CVE-2025-59007 | WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability | themesflat | TF Woo Product Grid Addon For Elementor | Critical | 9.8 | 2025-10-22 14:32:37 | Deep Dive |
| CVE-2025-53043 | Oracle E-Business Suite security vulnerability | Oracle Corporation | Oracle Product Hub | High | 8.1 | 2025-10-21 20:02:56 | Deep Dive |