Woocommerce CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (195 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-57972	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Helpdesk Support Ticket System	2025-09-25	4.3 Medium
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through 2.0.2.
CVE-2025-9054	3 Techspawn, Woocommerce, Wordpress	3 Multiloca, Woocommerce, Wordpress	2025-09-25	9.8 Critical
The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'wcmlim_settings_ajax_handler' function in all versions up to, and including, 4.2.8. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2025-10412	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2025-09-24	9.8 Critical
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and including, 4.9.54. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2025-57917	3 Printcart, Woocommerce, Wordpress	3 Web To Print Product Designer, Woocommerce, Wordpress	2025-09-23	4.3 Medium
Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.4.3.
CVE-2025-57905	3 Amin, Woocommerce, Wordpress	3 Agreeme Checkboxes, Woocommerce, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce allows Cross Site Request Forgery. This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through 1.1.3.
CVE-2025-57904	3 Woocommerce, Wordpress, Wp-experts	3 Woocommerce, Wordpress, Sales Count Manager	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce allows Stored XSS. This issue affects Sales Count Manager for WooCommerce: from n/a through 2.5.
CVE-2025-59565	3 Woocommerce, Wordpress, Wp Swings	3 Woocommerce, Wordpress, Upsell Order Bump Offer For Woocommerce	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Swings Upsell Order Bump Offer for WooCommerce allows Stored XSS. This issue affects Upsell Order Bump Offer for WooCommerce: from n/a through 3.0.7.
CVE-2025-53455	3 Cashbill, Woocommerce, Wordpress	3 Cashbill Woocommerce, Woocommerce, Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce allows Stored XSS. This issue affects CashBill.pl – Płatności WooCommerce: from n/a through 3.2.1.
CVE-2025-58656	3 Risto Niinemets, Woocommerce, Wordpress	3 Estonian Shipping Methods, Woocommerce, Wordpress	2025-09-23	5.3 Medium
Use of Hard-coded Credentials vulnerability in Risto Niinemets Estonian Shipping Methods for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects Estonian Shipping Methods for WooCommerce: from n/a through 1.7.2.
CVE-2025-58685	3 Cecabank, Woocommerce, Wordpress	3 Woocommerce Plugin, Woocommerce, Wordpress	2025-09-23	5.3 Medium
Missing Authorization vulnerability in cecabank Cecabank WooCommerce Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cecabank WooCommerce Plugin: from n/a through 0.3.4.
CVE-2025-58228	3 Shapedplugin, Woocommerce, Wordpress	3 Quick View, Woocommerce, Wordpress	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC Quick View for WooCommerce allows Stored XSS. This issue affects Quick View for WooCommerce: from n/a through 2.2.16.
CVE-2025-57967	3 Woocommerce, Wordpress, Wpbean	3 Woocommerce, Wordpress, Wpb Quick View	2025-09-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce allows Stored XSS. This issue affects WPB Quick View for WooCommerce: from n/a through 2.1.8.
CVE-2025-57908	3 Prowcplugins, Woocommerce, Wordpress	3 Product Time Countdown, Woocommerce, Wordpress	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce allows Stored XSS. This issue affects Product Time Countdown for WooCommerce: from n/a through 1.6.4.
CVE-2025-57914	3 Matat Technologies, Woocommerce, Wordpress	3 Deliver Via Shipos, Woocommerce, Wordpress	2025-09-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce allows Cross Site Request Forgery. This issue affects Deliver via Shipos for WooCommerce: from n/a through 3.0.2.
CVE-2025-57922	3 Coordinadora Mercantil, Woocommerce, Wordpress	3 Envios Coordinadora, Woocommerce, Wordpress	2025-09-23	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Envíos Coordinadora Woocommerce: from n/a through 1.1.31.
CVE-2025-57903	3 Woocommerce, Wordpress, Wpsuperiors	3 Woocommerce, Wordpress, Woocommerce Additional Fees On Checkout	2025-09-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) allows Stored XSS. This issue affects WooCommerce Additional Fees On Checkout (Free): from n/a through 1.5.0.
CVE-2025-10142	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2025-09-12	4.9 Medium
The PagBank / PagSeguro Connect para WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'status' parameter in all versions up to, and including, 4.44.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-47569	3 Woocommerce, Wordpress, Wpswings	4 Gift Cards, Woocommerce, Wordpress and 1 more	2025-09-11	9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through 2.8.10.
CVE-2025-58985	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Additional Custom Product Tabs For Woocommerce	2025-09-11	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Additional Custom Product Tabs for WooCommerce allows Stored XSS. This issue affects Additional Custom Product Tabs for WooCommerce: from n/a through 1.7.3.
CVE-2025-58991	3 Cristiano Zanca, Woocommerce, Wordpress	3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress	2025-09-11	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.

« first previous Page 7 of 10. next last »