| CVE-2026-1305 | Japanized for WooCommerce <= 2.8.4 - Missing Authorization to Unauthenticated Paidy Order Manipulation | shoheitanaka | Japanized for WooCommerce | Medium | 5.3 | 2026-02-27 09:23:43 | Deep Dive |
| CVE-2026-28132 | WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability | villatheme | WooCommerce Photo Reviews | - | - | 2026-02-26 08:33:37 | Deep Dive |
| CVE-2026-1929 | Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter | mihail-barinov | Advanced Woo Labels – Product Labels & Badges for WooCommerce | High | 8.8 | 2026-02-25 08:25:32 | Deep Dive |
| CVE-2026-2385 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email Relay | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 5.3 | 2026-02-22 08:24:45 | Deep Dive |
| CVE-2026-24946 | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.8.0 - Broken Access Control vulnerability | tychesoftwares | Print Invoice & Delivery Notes for WooCommerce | - | - | 2026-02-20 15:47:08 | Deep Dive |
| CVE-2026-22352 | WordPress Persian Woocommerce SMS plugin <= 7.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | PersianScript | Persian Woocommerce SMS | - | - | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2026-22354 | WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability | Dotstore | Woocommerce Category Banner Management | - | - | 2026-02-20 15:47:01 | Deep Dive |
| CVE-2025-69386 | WordPress RVCFDI para Woocommerce plugin <= 8.1.8 - Reflected Cross Site Scripting (XSS) vulnerability | realvirtualmx | RVCFDI para Woocommerce | - | - | 2026-02-20 15:46:55 | Deep Dive |
| CVE-2025-69385 | WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability | AgniHD | Cartify - WooCommerce Gutenberg WordPress Theme | Medium | 6.5 | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2025-69381 | WordPress WooCommerce Bulk Product Editor plugin <= 3.0 - Broken Access Control vulnerability | vanquish | WooCommerce Bulk Product Editor | - | - | 2026-02-20 15:46:54 | Deep Dive |
| CVE-2025-69378 | WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability | XforWooCommerce | Product Filter for WooCommerce | High | 7.2 | 2026-02-20 15:46:53 | Deep Dive |
| CVE-2025-69325 | WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability | primersoftware | Primer MyData for Woocommerce | - | - | 2026-02-20 15:46:49 | Deep Dive |
| CVE-2025-68834 | WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability | Saiful Islam | Sync Master Sheet – Product Sync with Google Sheet for WooCommerce | High | 7.5 | 2026-02-20 15:46:41 | Deep Dive |
| CVE-2025-68552 | WordPress WooCommerce Coming Soon Product with Countdown plugin <= 5.0 - Local File Inclusion vulnerability | WebCodingPlace | WooCommerce Coming Soon Product with Countdown | High | 7.5 | 2026-02-20 15:46:41 | Deep Dive |
| CVE-2025-68501 | WordPress Mollie Payments for WooCommerce plugin <= 8.1.1 - Reflected Cross Site Scripting (XSS) vulnerability | Mollie | Mollie Payments for WooCommerce | - | - | 2026-02-20 15:46:39 | Deep Dive |
| CVE-2025-68025 | WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability | Addonify | Addonify Floating Cart For WooCommerce | Medium | 6.5 | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2025-68024 | WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability | Addonify | Addonify – WooCommerce Wishlist | - | - | 2026-02-20 15:46:36 | Deep Dive |
| CVE-2025-68023 | WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability | Addonify | Addonify – Compare Products For WooCommerce | Medium | 6.5 | 2026-02-20 15:46:35 | Deep Dive |
| CVE-2025-68022 | WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability | soporteblue | Plugin BlueX for WooCommerce | High | 7.3 | 2026-02-20 15:46:35 | Deep Dive |
| CVE-2025-67969 | WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.5.1 - Broken Access Control vulnerability | knitpay | UPI QR Code Payment Gateway for WooCommerce | - | - | 2026-02-20 15:46:29 | Deep Dive |