VYPR

Woocommerce Subscriptions

by WordPress

CVEs (4)

  • CVE-2023-35914HigDec 20, 2023
    risk 0.49cvss 7.5epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.This issue affects Woo Subscriptions: from n/a through 5.1.2.

  • CVE-2026-1926MedMar 18, 2026
    risk 0.34cvss 5.3epss 0.00

    The Subscriptions for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `wps_sfw_admin_cancel_susbcription()` function in all versions up to, and including, 1.9.2. This is due to the function being hooked…

  • CVE-2023-50850MedDec 31, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0.

  • CVE-2019-18834Jul 23, 2020
    risk 0.00cvss epss 0.02

    Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.