Hippoo Mobile App For Woocommerce
by WordPress
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10580 | Cri | 0.57 | 9.8 | 0.03 | Jun 5, 2026 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns… | ||
| CVE-2025-32638 | Hig | 0.46 | 7.1 | 0.00 | Apr 17, 2025 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS.This issue affects Mobile App for WooCommerce: from n/a through <= 0.4.61. | ||
| CVE-2025-13339 | Hig | 0.42 | 7.5 | 0.02 | Dec 10, 2025 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the… | ||
| CVE-2025-12655 | Med | 0.34 | 5.3 | 0.00 | Dec 12, 2025 | The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being… |
- risk 0.57cvss 9.8epss 0.03
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns…
- risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS.This issue affects Mobile App for WooCommerce: from n/a through <= 0.4.61.
- risk 0.42cvss 7.5epss 0.02
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…
- risk 0.34cvss 5.3epss 0.00
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being…