| CVE-2024-31266 | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability | AlgolPlus | Advanced Order Export For WooCommerce | Critical | 9.1 | 2024-04-25 08:43:06 | Deep Dive |
| CVE-2024-32675 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability | Xfinity Soft | Order Limit for WooCommerce | Medium | 6.5 | 2024-04-24 15:26:56 | Deep Dive |
| CVE-2024-32524 | WordPress Custom Order Statuses for WooCommerce plugin <= 1.5.2 - Broken Access Control vulnerability | Nuggethon | Custom Order Statuses for WooCommerce | Medium | 4.3 | 2024-04-17 07:29:59 | Deep Dive |
| CVE-2024-32434 | WordPress Order Delivery Date for WooCommerce plugin <= 3.20.2 - Cross Site Request Forgery (CSRF) vulnerability | Tyche Softwares | Order Delivery Date for WooCommerce | Medium | 4.3 | 2024-04-15 08:10:32 | Deep Dive |
| CVE-2024-31238 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Request Forgery (CSRF) vulnerability | Zaytech | Smart Online Order for Clover | Medium | 5.4 | 2024-04-12 13:00:27 | Deep Dive |
| CVE-2024-29789 | WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability | Walter Pinem | OneClick Chat to Order | Medium | 6.5 | 2024-03-27 12:44:49 | Deep Dive |
| CVE-2024-1119 | Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export | railmedia | Order Tip for WooCommerce | Medium | 5.3 | 2024-03-20 06:48:27 | Deep Dive |
| CVE-2024-1205 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload | israelb1 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring | High | 8.8 | 2024-03-20 06:48:27 | Deep Dive |
| CVE-2024-27998 | WordPress Barcode Scanner and Inventory manager plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | Dmitry V. (CEO of "UKR Solution") | Barcode Scanner with Inventory & Order Manager | High | 7.1 | 2024-03-19 16:46:43 | Deep Dive |
| CVE-2024-29115 | WordPress Smart Online Order for Clover plugin <= 1.5.5 - Cross Site Scripting (XSS) vulnerability | Zaytech | Smart Online Order for Clover | Medium | 6.5 | 2024-03-19 14:56:16 | Deep Dive |
| CVE-2024-27196 | WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | Joel Starnes | postMash – custom post order | High | 7.1 | 2024-03-15 12:47:13 | Deep Dive |
| CVE-2024-1489 | SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 4.3 | 2024-03-13 15:27:22 | Deep Dive |
| CVE-2024-25930 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | Nuggethon | Custom Order Statuses for WooCommerce | Medium | 4.3 | 2024-02-28 13:17:45 | Deep Dive |
| CVE-2024-25927 | WordPress postMash – custom post order Plugin <= 1.2.0 is vulnerable to SQL Injection | Joel Starnes | postMash – custom post order | Critical | 9.3 | 2024-02-28 12:47:35 | Deep Dive |
| CVE-2024-0678 | Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting | tychesoftwares | Order Delivery Date for WP e-Commerce | Medium | 6.5 | 2024-02-05 21:21:49 | Deep Dive |
| CVE-2024-22135 | WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload | WebToffee | Order Export & Order Import for WooCommerce | High | 8.0 | 2024-01-24 11:51:38 | Deep Dive |
| CVE-2022-34344 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control | Rymera Web Co | Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More | Medium | 5.4 | 2024-01-08 21:13:45 | Deep Dive |
| CVE-2023-5957 | Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution | Unknown | Ni Purchase Order(PO) For WooCommerce | - | - | 2024-01-08 19:00:32 | Deep Dive |
| CVE-2023-49843 | WordPress First Order Discount Woocommerce Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) | QuanticEdge | First Order Discount Woocommerce | Medium | 5.4 | 2023-12-18 14:43:37 | Deep Dive |
| CVE-2023-47521 | WordPress Q2W3 Post Order Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) | Max Bond, AndreSC | Q2W3 Post Order | High | 7.1 | 2023-11-30 16:59:43 | Deep Dive |