ReportizFlow
Filtered by vendor Woocommerce
Subscriptions
Filtered by product Woocommerce
Subscriptions
Total
92 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62957 | 3 Nikanwp, Woocommerce, Wordpress | 3 Woocommerce Reporting, Woocommerce, Wordpress | 2025-10-28 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0. | ||||
| CVE-2025-62935 | 3 Ilmosys, Woocommerce, Wordpress | 3 Open Close Woocommerce Store, Woocommerce, Wordpress | 2025-10-28 | 8.1 High |
| Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8. | ||||
| CVE-2025-12096 | 3 Prawas, Woocommerce, Wordpress | 3 Simple Excel Pricelist For Woocommerce, Woocommerce, Wordpress | 2025-10-28 | 6.4 Medium |
| The Simple Excel Pricelist for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pricelist' shortcode in all versions up to, and including, 1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-10861 | 4 Popup Builder, Roxnor, Woocommerce and 1 more | 4 Popup Builder, Popup Builder, Woocommerce and 1 more | 2025-10-28 | 7.5 High |
| The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.1.4. This is due to insufficient validation on the URLs supplied via the URL parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services, as well as conduct network reconnaissance. The vulnerability was partially patched in version 2.1.4. | ||||
| CVE-2025-11888 | 4 Elementor, Roxnor, Woocommerce and 1 more | 4 Elementor, Shopengine Elementor Woocommerce Builder Addon, Woocommerce and 1 more | 2025-10-28 | 2.7 Low |
| The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the post_deactive() function and post_activate() function in all versions up to, and including, 4.8.4. This makes it possible for authenticated attackers, with Editor-level access and above, to activate and deactivate licenses. | ||||
| CVE-2025-62015 | 3 Josh Kohlbach, Woocommerce, Wordpress | 4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more | 2025-10-24 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8. | ||||
| CVE-2025-62008 | 3 Acowebs, Woocommerce, Wordpress | 3 Product Labels For Woocommerce, Woocommerce, Wordpress | 2025-10-24 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4. | ||||
| CVE-2025-62005 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumomemberships, Woocommerce, Wordpress | 2025-10-24 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0. | ||||
| CVE-2025-49958 | 3 Robokassa, Woocommerce, Wordpress | 3 Payment Gateway For Woocommerce, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robokassa Robokassa payment gateway for Woocommerce robokassa allows Reflected XSS.This issue affects Robokassa payment gateway for Woocommerce: from n/a through <= 1.8.1. | ||||
| CVE-2025-49947 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Reflected XSS.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-53424 | 3 Vanquish, Woocommerce, Wordpress | 3 Woocommerce Orders Customers Exporter, Woocommerce, Wordpress | 2025-10-23 | 6.5 Medium |
| Missing Authorization vulnerability in vanquish WooCommerce Orders & Customers Exporter woocommerce-orders-ei allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Orders & Customers Exporter: from n/a through <= 5.4. | ||||
| CVE-2025-53422 | 3 Themewarriors, Woocommerce, Wordpress | 3 Whatsapp Chat, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeWarriors WhatsApp Chat for WordPress and WooCommerce tw-whatsapp-chat-rotator allows Reflected XSS.This issue affects WhatsApp Chat for WordPress and WooCommerce: from n/a through <= 1.2.1. | ||||
| CVE-2025-53297 | 3 Aa-team, Woocommerce, Wordpress | 3 Woocommerce Envato Affiliates, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Envato Affiliates wooenvato allows Reflected XSS.This issue affects Woocommerce Envato Affiliates: from n/a through <= 1.2.1. | ||||
| CVE-2025-60222 | 3 Fantasticplugins, Woocommerce, Wordpress | 3 Sumo Memberships For Woocommerce, Woocommerce, Wordpress | 2025-10-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0. | ||||
| CVE-2025-60211 | 3 Extendons, Woocommerce, Wordpress | 3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress | 2025-10-23 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. | ||||
| CVE-2025-49380 | 3 Woocommerce, Wordpress, Wpinstinct | 3 Woocommerce, Wordpress, Woocommerce Vehicle Parts Finder | 2025-10-23 | 5.3 Medium |
| Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7. | ||||
| CVE-2025-59006 | 3 Themebon, Woocommerce, Wordpress | 3 Easy Woocommerce Customizer, Woocommerce, Wordpress | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue affects Easy Woocommerce Customizer: from n/a through <= 1.0.2. | ||||
| CVE-2025-49911 | 3 Woocommerce, Wordpress, Wpinstinct | 3 Woocommerce, Wordpress, Woo Commerce Vehicle Parts Finder | 2025-10-23 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Reflected XSS.This issue affects WooCommerce Vehicle Parts Finder: from n/a through <= 3.7. | ||||
| CVE-2025-10570 | 3 Woocommerce, Wordpress, Wpdesk | 3 Woocommerce, Wordpress, Flexible Refund And Return Order For Woocommerce | 2025-10-23 | 4.3 Medium |
| The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.38 via the save_refund_request() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to submit refund requests for arbitrary orders that they do not own. | ||||
| CVE-2025-10167 | 3 Woocommerce, Wordpress, Wpcodefactory | 3 Woocommerce, Wordpress, Stock History & Reports Manager For Woocommerce | 2025-10-21 | 6.4 Medium |
| The Stock History & Reports Manager for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'alg_wc_stock_snapshot_restocked shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||