| CVE-2025-15482 | Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure | chapaet | Chapa Payment Gateway Plugin for WooCommerce | Medium | 5.3 | 2026-02-04 08:25:27 | Deep Dive |
| CVE-2026-24992 | WordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.2 - Sensitive Data Exposure vulnerability | WPFactory | Advanced WooCommerce Product Sales Reporting | - | - | 2026-02-03 14:08:37 | Deep Dive |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | Medium | 5.4 | 2026-02-03 06:38:06 | Deep Dive |
| CVE-2026-0702 | VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields' | wpcreatix | VidShop – Shoppable Videos for WooCommerce | High | 7.5 | 2026-01-28 08:26:55 | Deep Dive |
| CVE-2026-1381 | Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields | wpcodefactory | Order Minimum/Maximum Amount Limits for WooCommerce | Medium | 4.4 | 2026-01-28 08:26:55 | Deep Dive |
| CVE-2025-14971 | Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation | linknacional | Link Invoice Payment for WooCommerce | Medium | 5.3 | 2026-01-27 06:44:14 | Deep Dive |
| CVE-2025-14843 | Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation | wizit | Wizit Gateway for WooCommerce | Medium | 5.3 | 2026-01-24 07:26:46 | Deep Dive |
| CVE-2026-24625 | WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability | Imaginate Solutions | File Uploads Addon for WooCommerce | 中危 | - | 2026-01-23 14:29:07 | Deep Dive |
| CVE-2026-24606 | WordPress Bayarcash WooCommerce plugin <= 4.3.13 - Broken Access Control vulnerability | Web Impian | Bayarcash WooCommerce | Medium | 5.3 | 2026-01-23 14:29:04 | Deep Dive |
| CVE-2026-24585 | WordPress Hyyan WooCommerce Polylang Integration plugin <= 1.5.0 - Broken Access Control vulnerability | Hyyan Abo Fakher | Hyyan WooCommerce Polylang Integration | 中危 | - | 2026-01-23 14:29:00 | Deep Dive |
| CVE-2026-24581 | WordPress Points and Rewards for WooCommerce plugin <= 2.9.5 - Broken Access Control vulnerability | WP Swings | Points and Rewards for WooCommerce | Medium | 5.4 | 2026-01-23 14:28:59 | Deep Dive |
| CVE-2026-24583 | WordPress SumUp Payment Gateway For WooCommerce plugin <= 2.7.9 - Broken Access Control vulnerability | sumup | SumUp Payment Gateway For WooCommerce | Medium | 5.3 | 2026-01-23 14:28:59 | Deep Dive |
| CVE-2026-24562 | WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability | Ryviu | Ryviu – Product Reviews for WooCommerce | 中危 | - | 2026-01-23 14:28:55 | Deep Dive |
| CVE-2026-24553 | WordPress Fraud Prevention For Woocommerce plugin <= 2.3.2 - Sensitive Data Exposure vulnerability | Dotstore | Fraud Prevention For Woocommerce | 中危 | - | 2026-01-23 14:28:53 | Deep Dive |
| CVE-2026-24526 | WordPress Email Inquiry & Cart Options for WooCommerce plugin <= 3.4.3 - Cross Site Scripting (XSS) vulnerability | Steve Truman | Email Inquiry & Cart Options for WooCommerce | Medium | 6.5 | 2026-01-23 14:28:49 | Deep Dive |
| CVE-2026-24366 | WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability | YITHEMES | YITH WooCommerce Request A Quote | Medium | 5.3 | 2026-01-22 16:52:45 | Deep Dive |
| CVE-2026-24365 | WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability | storeapps | Stock Manager for WooCommerce | Medium | 5.4 | 2026-01-22 16:52:45 | Deep Dive |
| CVE-2025-69052 | WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability | FmeAddons | Registration & Login with Mobile Phone Number for WooCommerce | - | - | 2026-01-22 16:52:20 | Deep Dive |
| CVE-2025-69045 | WordPress FooEvents for WooCommerce plugin <= 1.20.4 - SQL Injection vulnerability | FooEvents | FooEvents for WooCommerce | - | - | 2026-01-22 16:52:19 | Deep Dive |
| CVE-2025-69004 | WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability | XpeedStudio | Bajaar - Highly Customizable WooCommerce WordPress Theme | - | - | 2026-01-22 16:52:17 | Deep Dive |