| CVE-2025-26988 | WordPress SMS Alert Order Notifications – WooCommerce plugin <= 3.7.8 - SQL Injection vulnerability | Cozy Vision | SMS Alert Order Notifications | Critical | 9.3 | 2025-03-03 13:30:42 | Deep Dive |
| CVE-2024-13638 | Order Attachments for WooCommerce <= 2.5.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | sldesignpl | Order Attachments for WooCommerce | Medium | 5.9 | 2025-02-28 08:23:17 | Deep Dive |
| CVE-2025-26928 | WordPress Order Limit for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | Xfinitysoft | Order Limit for WooCommerce | Medium | 4.3 | 2025-02-25 14:17:54 | Deep Dive |
| CVE-2024-13641 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.9 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | wpswings | Return Refund and Exchange For WooCommerce | Medium | 5.4 | 2025-02-14 05:22:44 | Deep Dive |
| CVE-2024-13623 | Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | webfactory | Order Export for WooCommerce | Medium | 5.9 | 2025-01-31 06:40:18 | Deep Dive |
| CVE-2025-23495 | WordPress WooCommerce Order Search plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | Chetan Khandla | WooCommerce Order Search | High | 7.1 | 2025-01-22 14:29:13 | Deep Dive |
| CVE-2025-21554 | Oracle Communications Order and Service Management 安全漏洞 | Oracle Corporation | Oracle Communications Order and Service Management | Medium | 5.3 | 2025-01-21 20:53:18 | Deep Dive |
| CVE-2025-21544 | Oracle Communications Applications 安全漏洞 | Oracle Corporation | Oracle Communications Order and Service Management | Medium | 5.4 | 2025-01-21 20:53:14 | Deep Dive |
| CVE-2025-21542 | Oracle Communications Order and Service Management 访问控制错误漏洞 | Oracle Corporation | Oracle Communications Order and Service Management | Medium | 6.3 | 2025-01-21 20:53:13 | Deep Dive |
| CVE-2025-22723 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.7 - Arbitrary File Upload vulnerability | Dmitry V. (CEO of "UKR Solution") | Barcode Scanner with Inventory & Order Manager | Critical | 9.1 | 2025-01-21 13:57:35 | Deep Dive |
| CVE-2024-13355 | Admin and Customer Messages After Order for WooCommerce <= 13.2 - Authenticated (Subscriber+) Limited File Upload to Cross-Site Scripting | nmedia | Admin and Customer Messages After Order for WooCommerce: OrderConvo | Medium | 5.4 | 2025-01-16 09:39:14 | Deep Dive |
| CVE-2025-22765 | WordPress WP Order By Plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability | weiluri | WP Order By | High | 7.1 | 2025-01-15 15:23:23 | Deep Dive |
| CVE-2025-22337 | WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability | infosoftplugin | Order Audit Log for WooCommerce | High | 7.1 | 2025-01-13 13:11:35 | Deep Dive |
| CVE-2024-5769 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update | surakrai | MIMO Woocommerce Order Tracking | Medium | 4.3 | 2025-01-09 11:10:57 | Deep Dive |
| CVE-2024-11725 | SMS Alert Order Notifications – WooCommerce <= 3.7.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | High | 8.8 | 2025-01-07 06:40:56 | Deep Dive |
| CVE-2024-55997 | WordPress Order Delivery & Pickup Location Date Time plugin <= 1.1.0 - Settings Change vulnerability | webchunky | Order Delivery & Pickup Location Date Time | Medium | 6.5 | 2024-12-18 11:38:29 | Deep Dive |
| CVE-2024-54265 | WordPress Barcode Scanner and Inventory manager plugin <= 1.6.6 - Reflected Cross Site Scripting (XSS) vulnerability | Dmitry V. (CEO of "UKR Solution") | Barcode Scanner with Inventory & Order Manager | High | 7.1 | 2024-12-13 14:24:44 | Deep Dive |
| CVE-2024-54231 | WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | Anzar Ahmed | Ni WooCommerce Order Export | High | 7.1 | 2024-12-13 14:24:28 | Deep Dive |
| CVE-2024-12004 | WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wpclever | WPC Order Notes for WooCommerce | Medium | 6.1 | 2024-12-11 08:57:28 | Deep Dive |