Woocommerce CVEs and Security Vulnerabilities

Filtered by vendor Woocommerce Subscriptions

Filtered by product Woocommerce Subscriptions

Search

Switch to Advanced Search (Beta)

Total 205 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-57972	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Helpdesk Support Ticket System	2026-04-01	N/A
Missing Authorization vulnerability in WPFactory Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.1.
CVE-2025-57967	3 Woocommerce, Wordpress, Wpbean	3 Woocommerce, Wordpress, Wpb Quick View	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce woocommerce-lightbox allows Stored XSS.This issue affects WPB Quick View for WooCommerce: from n/a through <= 2.1.8.
CVE-2025-57922	3 Coordinadora Mercantil, Woocommerce, Wordpress	3 Envios Coordinadora, Woocommerce, Wordpress	2026-04-01	N/A
Insertion of Sensitive Information Into Sent Data vulnerability in Coordinadora Mercantil S.A. Envíos Coordinadora Woocommerce coordinadora allows Retrieve Embedded Sensitive Data.This issue affects Envíos Coordinadora Woocommerce: from n/a through <= 1.1.32.
CVE-2025-57917	3 Printcart, Woocommerce, Wordpress	3 Web To Print Product Designer, Woocommerce, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.4.8.
CVE-2025-57914	3 Matat Technologies, Woocommerce, Wordpress	3 Deliver Via Shipos, Woocommerce, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Matat Technologies Deliver via Shipos for WooCommerce wc-shipos-delivery allows Cross Site Request Forgery.This issue affects Deliver via Shipos for WooCommerce: from n/a through <= 3.0.2.
CVE-2025-57908	3 Prowcplugins, Woocommerce, Wordpress	3 Product Time Countdown, Woocommerce, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProWCPlugins Product Time Countdown for WooCommerce product-countdown-for-woocommerce allows Stored XSS.This issue affects Product Time Countdown for WooCommerce: from n/a through <= 1.6.5.
CVE-2025-57905	3 Amin, Woocommerce, Wordpress	3 Agreeme Checkboxes, Woocommerce, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in Amin Y AgreeMe Checkboxes For WooCommerce agreeme-checkboxes-for-woocommerce allows Cross Site Request Forgery.This issue affects AgreeMe Checkboxes For WooCommerce: from n/a through <= 1.1.3.
CVE-2025-57904	3 Woocommerce, Wordpress, Wp-experts	3 Woocommerce, Wordpress, Sales Count Manager	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-EXPERTS.IN Sales Count Manager for WooCommerce wc-sales-count-manager allows Stored XSS.This issue affects Sales Count Manager for WooCommerce: from n/a through <= 2.6.
CVE-2025-57903	3 Woocommerce, Wordpress, Wpsuperiors	3 Woocommerce, Wordpress, Woocommerce Additional Fees On Checkout	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPSuperiors Developer WooCommerce Additional Fees On Checkout (Free) woo-additional-fees-on-checkout-wordpress allows Stored XSS.This issue affects WooCommerce Additional Fees On Checkout (Free): from n/a through <= 1.5.2.
CVE-2025-54713	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-01	N/A
Authentication Bypass Using an Alternate Path or Channel vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Authentication Abuse.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.3.0.
CVE-2025-54674	3 Product Configurator For Woocommerce Project, Woocommerce, Wordpress	3 Product Configurator For Woocommerce, Woocommerce, Wordpress	2026-04-01	N/A
Cross-Site Request Forgery (CSRF) vulnerability in mklacroix Product Configurator for WooCommerce product-configurator-for-woocommerce allows Cross Site Request Forgery.This issue affects Product Configurator for WooCommerce: from n/a through <= 1.4.4.
CVE-2025-53575	3 Primersoftware, Woocommerce, Wordpress	3 Primer Mydata For Woocommerce, Woocommerce, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Reflected XSS.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.5.
CVE-2025-53455	3 Cashbill, Woocommerce, Wordpress	3 Cashbill Woocommerce, Woocommerce, Wordpress	2026-04-01	N/A
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS.This issue affects CashBill.pl – Płatności WooCommerce: from n/a through <= 3.2.1.
CVE-2025-52820	3 Infosoftplugin, Woocommerce, Wordpress	3 Woocommerce Point Of Sale, Woocommerce, Wordpress	2026-04-01	N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in infosoftplugin WooCommerce Point Of Sale (POS) woo-point-of-salepos allows SQL Injection.This issue affects WooCommerce Point Of Sale (POS): from n/a through <= 1.4.
CVE-2025-49887	3 Woocommerce, Wordpress, Wpfactory	3 Woocommerce, Wordpress, Product Xml Feed Manager For Woocommerce	2026-04-01	N/A
Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce product-xml-feeds-for-woocommerce allows Remote Code Inclusion.This issue affects Product XML Feed Manager for WooCommerce: from n/a through <= 2.9.3.
CVE-2025-49885	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in HaruTheme Drag and Drop Multiple File Upload (Pro) - WooCommerce drag-and-drop-file-upload-wc-pro allows Upload a Web Shell to a Web Server.This issue affects Drag and Drop Multiple File Upload (Pro) - WooCommerce: from n/a through <= 5.0.6.
CVE-2025-49434	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-04-01	N/A
Deserialization of Untrusted Data vulnerability in axiomthemes Cars4Rent cars4rent allows Object Injection.This issue affects Cars4Rent: from n/a through <= 1.4.2.
CVE-2025-49356	3 Mykola Lukin, Woocommerce, Wordpress	3 Orders Chat For Woocommerce, Woocommerce, Wordpress	2026-04-01	N/A
Missing Authorization vulnerability in Mykola Lukin Orders Chat for WooCommerce orders-chat-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orders Chat for WooCommerce: from n/a through <= 1.2.0.
CVE-2025-49352	3 Woocommerce, Wordpress, Yoohw Studio	3 Woocommerce, Wordpress, Order Cancellation & Returns For Woocommerce	2026-04-01	N/A
Authorization Bypass Through User-Controlled Key vulnerability in YoOhw Studio Order Cancellation & Returns for WooCommerce wc-order-cancellation-return allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Cancellation & Returns for WooCommerce: from n/a through <= 1.1.11.
CVE-2025-48148	2 Woocommerce, Wordpress	3 Storekeeper, Woocommerce, Wordpress	2026-04-01	N/A
Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce storekeeper-for-woocommerce allows Using Malicious Files.This issue affects StoreKeeper for WooCommerce: from n/a through <= 14.4.4.

« first previous Page 6 of 11. next last »