VYPR

Upsell Order Bump Offer For Woocommerce

by WordPress

Source repositories

CVEs (3)

  • CVE-2026-49110HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Broken Authentication in Upsell Order Bump Offer for WooCommerce <= 3.1.4 versions.

  • CVE-2025-59565MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce upsell-order-bump-offer-for-woocommerce allows Stored XSS.This issue affects Upsell Order Bump Offer for WooCommerce: from n/a…

  • CVE-2025-3743MedApr 25, 2025
    risk 0.27cvss 5.3epss 0.00

    The Upsell Funnel Builder for WooCommerce plugin for WordPress is vulnerable to order manipulation in all versions up to, and including, 3.0.0. This is due to the plugin allowing the additional product ID and discount field to be manipulated prior to processing via the…