| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode | getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | Medium | 6.4 | 2026-04-04 11:16:14 | Deep Dive |
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field | themehigh | Checkout Field Editor (Checkout Manager) for WooCommerce | High | 7.2 | 2026-03-11 09:25:45 | Deep Dive |
| CVE-2025-13930 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.5 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion | quadlayers | Checkout Field Manager (Checkout Manager) for WooCommerce | Medium | 5.3 | 2026-02-19 04:36:09 | Deep Dive |
| CVE-2025-12500 | Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload | quadlayers | Checkout Field Manager (Checkout Manager) for WooCommerce | Medium | 5.3 | 2026-02-19 03:25:20 | Deep Dive |
| CVE-2025-14978 | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) <= 1.119.8 - Missing Authorization to Unauthenticated Order Status Modification | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 5.3 | 2026-01-20 01:22:45 | Deep Dive |
| CVE-2025-14169 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | High | 7.5 | 2025-12-12 07:20:36 | Deep Dive |
| CVE-2025-67542 | WordPress Multi-Step Checkout for WooCommerce plugin <= 2.33 - Cross Site Scripting (XSS) vulnerability | SilkyPress | Multi-Step Checkout for WooCommerce | - | - | 2025-12-09 14:14:05 | Deep Dive |
| CVE-2025-12878 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 6.4 | 2025-11-19 05:45:14 | Deep Dive |
| CVE-2025-4212 | Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting | wpwham | Checkout Files Upload for WooCommerce | High | 7.2 | 2025-11-18 09:27:36 | Deep Dive |
| CVE-2025-57903 | WordPress WooCommerce Additional Fees On Checkout (Free) plugin <= 1.5.2 - Cross Site Scripting (XSS) vulnerability | WPSuperiors Developer | WooCommerce Additional Fees On Checkout (Free) | Medium | 5.9 | 2025-09-22 18:25:26 | Deep Dive |
| CVE-2025-9463 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.117.5 - Authenticated (Contributor+) SQL Injection via order_by Parameter | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.5 | 2025-09-10 06:38:46 | Deep Dive |
| CVE-2025-58804 | WordPress WooCommerce Single Page Checkout Plugin <= 1.2.7 - Cross Site Request Forgery (CSRF) Vulnerability | brijrajs | WooCommerce Single Page Checkout | Medium | 4.3 | 2025-09-05 13:45:09 | Deep Dive |
| CVE-2025-58799 | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | themelocation | Custom WooCommerce Checkout Fields Editor | Medium | 4.3 | 2025-09-05 13:45:07 | Deep Dive |
| CVE-2025-7654 | Multiple Plugins By FunnelKit <= (Various Versions) - Authenticated (Contributor+) Sensitive Information Exposure to Privilege Escalation via Woofunnel Library | amans2k | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce | High | 8.8 | 2025-08-19 07:26:28 | Deep Dive |
| CVE-2025-50008 | WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability | cscode | WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily | Medium | 5.4 | 2025-06-20 15:04:05 | Deep Dive |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability | YITHEMES | YITH PayPal Express Checkout for WooCommerce | Medium | 4.3 | 2025-06-17 15:01:44 | Deep Dive |
| CVE-2025-29006 | WordPress Direct Checkout for WooCommerce Lite plugin <= 1.0.3 - Broken Access Control Vulnerability | centangle | Direct Checkout for WooCommerce Lite | Medium | 5.3 | 2025-06-06 12:54:27 | Deep Dive |
| CVE-2025-47504 | WordPress Custom Checkout Fields for WooCommerce plugin <= 1.8.3 - Cross Site Scripting (XSS) Vulnerability | WPFactory | Custom Checkout Fields for WooCommerce | Medium | 6.5 | 2025-05-07 14:19:58 | Deep Dive |
| CVE-2025-39391 | WordPress Checkout Field Visibility for WooCommerce plugin <= 1.3.0 - Local File Inclusion vulnerability | zamartz | Checkout Field Visibility for WooCommerce | Medium | - | 2025-04-24 16:08:34 | Deep Dive |
| CVE-2024-13925 | Klarna Checkout for WooCommerce < 2.13.5 - DoS via Excessive Logging | Unknown | Klarna Checkout for WooCommerce | - | - | 2025-04-17 06:00:09 | Deep Dive |