Woocommerce CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (221 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58991	3 Cristiano Zanca, Woocommerce, Wordpress	3 Woocommerce Booking Bundle Hours, Woocommerce, Wordpress	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4.
CVE-2025-30631	3 Aa-team, Woocommerce, Wordpress	4 Amazon Affiliates Addon For Wpbakery Page Builder, Woocommerce Sales Funnel Builder, Woocommerce and 1 more	2026-04-28	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) allows Reflected XSS.This issue affects Woocommerce Sales Funnel Builder: from n/a through 1.1; Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through 1.2.
CVE-2025-28999	3 Woocommerce, Wordpress, Zoomit	3 Woocommerce, Wordpress, Woocommerce Shop Page Builder	2026-04-28	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt WooCommerce Shop Page Builder allows Reflected XSS. This issue affects WooCommerce Shop Page Builder: from n/a through 2.27.7.
CVE-2024-24799	2 Woocommerce, Wordpress	3 Box Office, Woocommerce Box Office, Wordpress	2026-04-28	6.5 Medium
Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.2.2.
CVE-2026-24526	3 Steve Truman, Woocommerce, Wordpress	3 Email Inquiry & Cart Options For Woocommerce, Woocommerce, Wordpress	2026-04-28	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Truman Email Inquiry & Cart Options for WooCommerce woocommerce-email-inquiry-cart-options allows DOM-Based XSS.This issue affects Email Inquiry & Cart Options for WooCommerce: from n/a through <= 3.5.0.
CVE-2025-62081	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-04-28	5.3 Medium
Missing Authorization vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-62080	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
CVE-2025-60189	3 Polopag, Woocommerce, Wordpress	3 Polopag, Woocommerce, Wordpress	2026-04-28	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PoloPag PoloPag – Pix Automático para Woocommerce wc-polo-payments allows PHP Local File Inclusion.This issue affects PoloPag – Pix Automático para Woocommerce: from n/a through <= 2.0.9.
CVE-2025-60171	3 Woocommerce, Wordpress, Yourplugins	3 Woocommerce, Wordpress, Conditional Cart Messages For Woocommerce	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects Conditional Cart Messages for WooCommerce – YourPlugins.com: from n/a through <= 1.2.10.
CVE-2025-57977	3 Woocommerce, Wordpress, Wpdesk	3 Woocommerce, Wordpress, Flexible Pdf Invoices	2026-04-28	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoices for WooCommerce & WordPress: from n/a through <= 6.0.13.
CVE-2025-53455	3 Cashbill, Woocommerce, Wordpress	3 Cashbill Woocommerce, Woocommerce, Wordpress	2026-04-28	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS.This issue affects CashBill.pl – Płatności WooCommerce: from n/a through <= 3.2.1.
CVE-2025-49352	3 Woocommerce, Wordpress, Yoohw Studio	3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce	2026-04-28	4.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11.
CVE-2023-52222	1 Woocommerce	1 Woocommerce	2026-04-28	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
CVE-2025-49380	3 Woocommerce, Wordpress, Wpinstinct	3 Woocommerce, Wordpress, Woocommerce Vehicle Parts Finder	2026-04-27	9.8 Critical
Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7.
CVE-2025-53424	3 Vanquish, Woocommerce, Wordpress	3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress	2026-04-27	6.5 Medium
Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4.
CVE-2025-62957	3 Nikanwp, Woocommerce, Wordpress	3 Woocommerce Reporting, Woocommerce, Wordpress	2026-04-27	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.
CVE-2025-62935	3 Ilmosys, Woocommerce, Wordpress	3 Open Close Woocommerce Store, Woocommerce, Wordpress	2026-04-27	4.3 Medium
Missing Authorization vulnerability in StackWC Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 5.0.0.
CVE-2025-60204	3 Josh Kohlbach, Woocommerce, Wordpress	3 Woocommerce Store Toolkit, Woocommerce, Wordpress	2026-04-27	7.5 High
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through <= 2.4.3.
CVE-2025-63015	3 Paysera, Woocommerce, Wordpress	3 Woocommerce Payment Gateway, Woocommerce, Wordpress	2026-04-24	4.3 Medium
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway - Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway - Paysera: from n/a through <= 3.10.0.
CVE-2025-63023	3 Easy Payment, Woocommerce, Wordpress	3 Payment Gateway For Paypal On Woo Commerce, Woocommerce, Wordpress	2026-04-24	5.3 Medium
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.53.

Page 1 of 12. next last »