Woocommerce Store Toolkit
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60204 | Hig | 0.49 | 7.5 | 0.00 | Nov 6, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a… | ||
| CVE-2021-25077 | 0.00 | — | 0.01 | Feb 7, 2022 | The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting | |||
| CVE-2016-10923 | 0.00 | — | 0.02 | Aug 22, 2019 | The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation. | |||
| CVE-2016-10922 | 0.00 | — | 0.02 | Aug 22, 2019 | The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation. |
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a…
- CVE-2021-25077Feb 7, 2022risk 0.00cvss —epss 0.01
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting
- CVE-2016-10923Aug 22, 2019risk 0.00cvss —epss 0.02
The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
- CVE-2016-10922Aug 22, 2019risk 0.00cvss —epss 0.02
The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.