Woocommerce CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (221 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-57972	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Helpdesk Support Ticket System	2026-04-23	4.3 Medium
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-57967	3 Woocommerce, Wordpress, Wpbean	3 Woocommerce, Wordpress, Wpb Quick View	2026-04-23	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce woocommerce-lightbox allows Stored XSS.This issue affects WPB Quick View for WooCommerce: from n/a through <= 2.1.8.
CVE-2025-57922	3 Coordinadora Mercantil, Woocommerce, Wordpress	3 Envios Coordinadora, Woocommerce, Wordpress	2026-04-23	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce coordinadora allows Retrieve Embedded Sensitive Data.This issue affects Envíos Coordinadora Woocommerce: from n/a through <= 1.1.32.
CVE-2025-57917	3 Printcart, Woocommerce, Wordpress	3 Web To Print Product Designer, Woocommerce, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.8.
CVE-2025-57914	3 Matat Technologies, Woocommerce, Wordpress	3 Deliver Via Shipos, Woocommerce, Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 3.0.2.
CVE-2025-57908	3 Prowcplugins, Woocommerce, Wordpress	3 Product Time Countdown, Woocommerce, Wordpress	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce product-countdown-for-woocommerce allows Stored XSS.This issue affects Product Time Countdown for WooCommerce: from n/a through <= 1.6.5.
CVE-2025-57905	3 Amin, Woocommerce, Wordpress	3 Agreeme Checkboxes, Woocommerce, Wordpress	2026-04-23	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce agreeme-checkboxes-for-woocommerce allows Cross Site Request Forgery.This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through <= 1.1.3.
CVE-2025-57904	3 Woocommerce, Wordpress, Wp-experts	3 Woocommerce, Wordpress, Sales Count Manager	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce wc-sales-count-manager allows Stored XSS.This issue affects Sales Count Manager for WooCommerce: from n/a through <= 2.6.
CVE-2025-57903	3 Woocommerce, Wordpress, Wpsuperiors	3 Woocommerce, Wordpress, Woocommerce Additional Fees On Checkout	2026-04-23	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) woo-additional-fees-on-checkout-wordpress allows Stored XSS.This issue affects WooCommerce Additional Fees On Checkout (Free): from n/a through <= 1.5.2.
CVE-2025-54713	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-23	9.8 Critical
Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.3.0.
CVE-2025-54674	3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress	3 Product Configurator For Woocommerce, Woocommerce, Wordpress	2026-04-23	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4.
CVE-2025-53575	3 Primersoftware, Woocommerce, Wordpress	3 Primer Mydata For Woocommerce, Woocommerce, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5.
CVE-2025-52820	3 Infosoftplugin, Woocommerce, Wordpress	3 Woocommerce Point Of Sale, Woocommerce, Wordpress	2026-04-23	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-49958	3 Robokassa, Woocommerce, Wordpress	3 Payment Gateway For Woocommerce, Woocommerce, Wordpress	2026-04-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.6.
CVE-2025-49887	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Product Xml Feed Manager For Woocommerce	2026-04-23	9.9 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3.
CVE-2025-49885	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <= 5.0.6.
CVE-2025-49434	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-23	9.8 Critical
Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2.
CVE-2025-49356	3 Mykola Lukin, Woocommerce, Wordpress	3 Orders Chat For Woocommerce, Woocommerce, Wordpress	2026-04-23	4.3 Medium
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
CVE-2025-48148	2 Woocommerce, Wordpress	3 Storekeeper, Woocommerce, Wordpress	2026-04-23	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.
CVE-2025-48123	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-23	10 Critical
Improper Control of Generation of Code ('Code Injection') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Code Injection.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37.

« first previous Page 4 of 12. next last »