Square

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-13457	WordPress Square	Hig	0.42	7.5	0.00		Jan 10, 2026	The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to…
CVE-2023-30486	WordPress Square	Med	0.28	4.3	0.01		Dec 9, 2024	Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.

CVE-2025-13457HigJan 10, 2026
WordPress
Square
risk 0.42cvss 7.5epss 0.00
The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to…
CVE-2023-30486MedDec 9, 2024
WordPress
Square
risk 0.28cvss 4.3epss 0.01
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0.