| CVE-2025-69004 | WordPress Bajaar - Highly Customizable WooCommerce WordPress Theme theme <= 2.1.0 - Local File Inclusion vulnerability | XpeedStudio | Bajaar - Highly Customizable WooCommerce WordPress Theme | High | 8.1 | 2026-01-22 16:52:17 | Deep Dive |
| CVE-2025-68041 | WordPress Omnichannel for WooCommerce plugin <= 1.3.65 - Cross Site Scripting (XSS) vulnerability | codisto | Omnichannel for WooCommerce | High | 7.1 | 2026-01-22 16:52:06 | Deep Dive |
| CVE-2025-68018 | WordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerability | StackWC | Order Listener for WooCommerce | Critical | 9.4 | 2026-01-22 16:52:04 | Deep Dive |
| CVE-2025-68013 | WordPress Payment Gateway Authorize.Net CIM for WooCommerce plugin <= 2.1.2 - Arbitrary Content Deletion vulnerability | cardpaysolutions | Payment Gateway Authorize.Net CIM for WooCommerce | Medium | 6.5 | 2026-01-22 16:52:03 | Deep Dive |
| CVE-2025-68016 | WordPress onepay Payment Gateway For WooCommerce plugin <= 1.1.2 - Other Vulnerability Type vulnerability | Onepay Sri Lanka | onepay Payment Gateway For WooCommerce | - | - | 2026-01-22 16:52:03 | Deep Dive |
| CVE-2025-68011 | WordPress GLS Shipping for WooCommerce plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability | GLS | GLS Shipping for WooCommerce | High | 7.1 | 2026-01-22 16:52:02 | Deep Dive |
| CVE-2025-67958 | WordPress TaxCloud for WooCommerce plugin <= 8.3.8 - Broken Access Control vulnerability | Taxcloud | TaxCloud for WooCommerce | Medium | 6.5 | 2026-01-22 16:51:57 | Deep Dive |
| CVE-2025-67945 | WordPress MailerLite – WooCommerce integration plugin <= 3.1.2 - SQL Injection vulnerability | MailerLite | MailerLite – WooCommerce integration | Critical | 9.3 | 2026-01-22 16:51:54 | Deep Dive |
| CVE-2026-0554 | NotificationX <= 3.1.11 - Missing Authorization to Authenticated (Contributor+) Analytics Reset | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.3 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2025-15380 | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | High | 7.2 | 2026-01-20 14:26:34 | Deep Dive |
| CVE-2025-14977 | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy <= 4.2.4 - Insecure Direct Object Reference to PayPal Account Takeover and Sensitive Information Disclosure | dokaninc | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | High | 8.1 | 2026-01-20 04:35:46 | Deep Dive |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-14078 | PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation | shoheitanaka | PAYGENT for WooCommerce | Medium | 5.3 | 2026-01-17 08:24:32 | Deep Dive |
| CVE-2025-10484 | Registration & Login with Mobile Phone Number for WooCommerce <= 1.3.1 - Authentication Bypass | FmeAddons | Registration & Login with Mobile Phone Number for WooCommerce | Critical | 9.8 | 2026-01-17 08:24:31 | Deep Dive |
| CVE-2025-14450 | Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation | wpswings | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | Medium | 6.5 | 2026-01-17 02:22:32 | Deep Dive |
| CVE-2026-0939 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status Manipulation | linknacional | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit | Medium | 5.3 | 2026-01-16 06:43:21 | Deep Dive |
| CVE-2026-0942 | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion | linknacional | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit | Medium | 5.3 | 2026-01-16 06:43:21 | Deep Dive |
| CVE-2026-1000 | MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion | mailerlite | MailerLite – WooCommerce integration | Medium | 6.5 | 2026-01-16 04:44:36 | Deep Dive |
| CVE-2025-12895 | Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request | Laborator | Kalium 3 | Creative WordPress & WooCommerce Theme | Medium | 5.3 | 2026-01-15 13:23:24 | Deep Dive |
| CVE-2025-15475 | PayHere Payment Gateway Plugin for WooCommerce <= 2.3.9 - Missing Authorization to Unauthenticated Order Status Modification | payhere | PayHere Payment Gateway | Medium | 5.3 | 2026-01-14 06:40:09 | Deep Dive |