VYPR

Hippoo Mobile App For Woocommerce

by WordPress

CVEs (4)

  • CVE-2026-10580 | Cri | Jun 5, 2026
    risk 0.57 | cvss 9.8 | epss 0.03

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a logic conflation in HippooPermissions::get_user_permissions(), which returns…

  • CVE-2025-32638 | Hig | Apr 17, 2025
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weptile Mobile App for WooCommerce mobile-app-for-woocommerce allows Stored XSS. This issue affects Mobile App for WooCommerce: from n/a through <= 0.4.61.

  • CVE-2025-13339 | Hig | Dec 10, 2025
    risk 0.42 | cvss 7.5 | epss 0.02

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the…

  • CVE-2025-12655 | Med | Dec 12, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint `/wp-json/hippoo/v1/wc/token/save_callback/{token_id}` being…