| CVE-2026-2232 | Product Table and List Builder for WooCommerce Lite <= 4.6.2 - Unauthenticated Time-Based SQL Injection via 'search' Parameter | wcproducttable | Product Table and List Builder for WooCommerce Lite | High | 7.5 | 2026-02-19 16:24:56 | Deep Dive |
| CVE-2026-27066 | WordPress Live sales notification for WooCommerce plugin <= 2.3.60 - Broken Access Control vulnerability | PI Web Solution | Live sales notification for WooCommerce | Medium | 5.3 | 2026-02-19 08:27:11 | Deep Dive |
| CVE-2026-27052 | WordPress Sales Countdown Timer for WooCommerce and WordPress plugin < 1.1.9 - Local File Inclusion vulnerability | villatheme | Sales Countdown Timer for WooCommerce and WordPress | - | - | 2026-02-19 08:27:10 | Deep Dive |
| CVE-2026-25318 | WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability | Wisernotify team | WiserReview Product Reviews for WooCommerce | - | - | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2026-24375 | WordPress Ultimate Gift Cards For WooCommerce plugin <= 3.2.4 - Broken Access Control vulnerability | WP Swings | Ultimate Gift Cards For WooCommerce | - | - | 2026-02-19 08:26:51 | Deep Dive |
| CVE-2026-22333 | WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability | YITHEMES | YITH WooCommerce Compare | - | - | 2026-02-19 08:26:48 | Deep Dive |
| CVE-2026-1455 | Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action | whatsiplus | Whatsiplus Scheduled Notification for Woocommerce | Medium | 4.3 | 2026-02-19 04:36:26 | Deep Dive |
| CVE-2025-14357 | Mega Store Woocommerce <= 5.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Page Creation and Settings Change | misbahwp | Mega Store Woocommerce | Medium | 5.3 | 2026-02-19 04:36:24 | Deep Dive |
| CVE-2025-12975 | CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation | wahid0003 | Product Feed Manager for WooCommerce – CTX Feed – Support 220+ Shopping & Social Channels | High | 7.2 | 2026-02-19 04:36:11 | Deep Dive |
| CVE-2025-13930 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | quadlayers | Checkout Field Manager (Checkout Manager) for WooCommerce | Medium | 5.3 | 2026-02-19 04:36:09 | Deep Dive |
| CVE-2025-14294 | Razorpay for WooCommerce <= 4.7.8 - Missing Authentication to Unauthenticated Order Modification | razorpay | Razorpay for WooCommerce | Medium | 5.3 | 2026-02-19 04:36:07 | Deep Dive |
| CVE-2025-12500 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload | quadlayers | Checkout Field Manager (Checkout Manager) for WooCommerce | Medium | 5.3 | 2026-02-19 03:25:20 | Deep Dive |
| CVE-2025-12375 | Printful Integration for WooCommerce <= 2.2.11 - Authenticated (Contributor+) Server-Side Request Forgery | printful | Printful Integration for WooCommerce | Medium | 6.4 | 2026-02-19 03:25:14 | Deep Dive |
| CVE-2026-2386 | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Incorrect Authorization to Authenticated (Author+) Arbitrary Draft Post Creation via 'post_type' | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 4.3 | 2026-02-18 12:28:35 | Deep Dive |
| CVE-2026-1831 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Plugin Installation and Activation | yaycommerce | YayMail – WooCommerce Email Customizer | Low | 2.7 | 2026-02-18 07:25:42 | Deep Dive |
| CVE-2026-1943 | YayMail <= 4.3.2 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Template Elements | yaycommerce | YayMail – WooCommerce Email Customizer | Medium | 4.4 | 2026-02-18 07:25:41 | Deep Dive |
| CVE-2026-1938 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' Endpoint | yaycommerce | YayMail – WooCommerce Email Customizer | Medium | 5.3 | 2026-02-18 07:25:40 | Deep Dive |
| CVE-2026-2296 | Product Addons for Woocommerce – Product Options with Custom Fields <= 3.1.0 - Authenticated (Shop Manager+) Code Injection via Conditional Logic 'operator' Parameter | acowebs | Product Addons for Woocommerce – Product Options with Custom Fields | High | 7.2 | 2026-02-18 06:42:43 | Deep Dive |
| CVE-2026-1937 | YayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Options Update via 'yaymail_import_state' AJAX Action | yaycommerce | YayMail – WooCommerce Email Customizer | High | 7.2 | 2026-02-18 06:42:41 | Deep Dive |
| CVE-2026-2019 | Cart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' Setting | villatheme | Cart All In One For WooCommerce | High | 7.2 | 2026-02-18 06:42:39 | Deep Dive |