VYPR
Vendor

WooCommerce

Products: 27
CVEs: 62
Across products: 62
Status: Private

Recent CVEs
  • CVE-2024-8425 | Critical | Feb 28, 2025
    risk 0.67 | cvss 9.8 | epss 0.04

    The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwb_wgm_preview_mail' and 'mwb_wgm_woocommerce_add_cart_item_data' functions in all versions up to, and including, 2.9.2. This makes…

  • CVE-2025-14301 | Critical | Jan 14, 2026
    risk 0.64 | cvss 9.8 | epss 0.01

    The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `process_table_bulk_actions()` function processing user-supplied file paths without authentication checks, nonce…

  • CVE-2023-33318 | Critical | Dec 20, 2023
    risk 0.64 | cvss 9.9 | epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40.

  • CVE-2026-3891 | Critical | Mar 13, 2026
    risk 0.57 | cvss 9.8 | epss 0.01

    The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' function in all versions up to, and including, 1.5.0. This makes it possible…

  • CVE-2023-33330 | High | Dec 20, 2023
    risk 0.55 | cvss 8.5 | epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50.

  • CVE-2023-32795 | High | Dec 28, 2023
    risk 0.53 | cvss 8.2 | epss 0.01

    Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3.

  • CVE-2025-11722 | High | Oct 15, 2025
    risk 0.49 | cvss 7.5 | epss 0.01

    The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level…

  • CVE-2023-32743 | High | Dec 20, 2023
    risk 0.49 | cvss 7.6 | epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1.

  • CVE-2024-7027 | High | Jul 24, 2024
    risk 0.47 | cvss 7.3 | epss 0.00

    The WooCommerce - PDF Vouchers plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 4.9.3. This is due to insufficient verification on the user being supplied during a QR code login through the plugin. This makes it possible for…

  • CVE-2024-27193 | High | Mar 15, 2024
    risk 0.46 | cvss 7.1 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8.

  • CVE-2026-3589 | High | Mar 6, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does not properly handle batch requests, which could allow unauthenticated users to make a logged in admin call non store/WC REST endpoints, and create arbitrary admin users via a CSRF attack for example.

  • CVE-2026-2232 | High | Feb 19, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    The Product Table and List Builder for WooCommerce Lite plugin for WordPress is vulnerable to time-based SQL Injection via the 'search' parameter in all versions up to, and including, 4.6.2 due to insufficient escaping on the user supplied parameter and lack of sufficient…

  • CVE-2025-15033 | Medium | Dec 22, 2025
    risk 0.42 | cvss 6.5 | epss 0.00

    A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting…

  • CVE-2024-12517 | Medium | Dec 14, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes.…

  • CVE-2023-36512 | Medium | Jun 19, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Missing Authorization vulnerability in Woo AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.5.

  • CVE-2024-24799 | Medium | Mar 26, 2024
    risk 0.42 | cvss 6.5 | epss 0.01

    Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.

  • CVE-2023-32799 | Medium | Dec 21, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.

  • CVE-2026-2019 | High | Feb 18, 2026
    risk 0.40 | cvss 7.2 | epss 0.00

    The Cart All In One For WooCommerce plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.1.21. This is due to insufficient input validation on the 'Assign page' field which is passed directly to the eval() function. This makes it possible…

  • CVE-2024-11276 | Medium | Dec 6, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This…

  • CVE-2025-57891 | Medium | Aug 22, 2025
    risk 0.38 | cvss 5.9 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations recurring-donation allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through <= 1.8.