APIExperts Square for WooCommerce | Cross-Site Scripting (XSS) |
Booster Elite for WooCommerce | Arbitrary File Upload (BAC) |
Booster for WooCommerce | Cross-Site Scripting (XSS) |
Booster for WooCommerce | Cross-Site Scripting (XSS) via Shortocde |
Builder for WooCommerce reviews shortcodes – ReviewShort | Cross-Site Request Forgery (CSRF) |
Bulgarisation for WooCommerce | Missing Authorization (BAC) |
Bulgarisation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Custom WooCommerce Checkout Fields Editor | Cross-Site Request Forgery (CSRF) |
Custom WooCommerce Checkout Fields Editor | Cross-Site Scripting (XSS) |
FG PrestaShop to WooCommerce | Private Data Exposure via Log File |
Free Downloads WooCommerce | Cross-Site Scripting (XSS) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Request Forgery (CSRF) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Scripting (XSS) via Shortcode |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | SQL Injection (SQLi) |
Klarna Payments for WooCommerce | Broken Access Control (BAC) |
Live Sales Notification for Woocommerce - Woomotiv | Cross-Site Request Forgery (CSRF) via ajax_cancel_review |
Locatoraid Store Locator | Cross-Site Scripting (XSS) |
Management App for WooCommerce | Arbitrary File Upload (BAC) |
New Order Notification for Woocommerce | Broken Access Control (BAC) |
Order Tip for WooCommerce | Missing Authorization (BAC) to Unauthenticated Data Export |
Password Protected Store for WooCommerce | Private Information Exposure via REST API |
PDF Invoices and Packing Slips For WooCommerce | PHP Object Injection |
Popup Cart Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
Premmerce Permalink Manager for WooCommerce | Local File Inclusion (BAC) |
Preview E-mails for WooCommerce | Cross-Site Scripting (XSS) |
Product Carousel Slider & Grid Ultimate for WooCommerce | PHP Object Injection |
Product Feed PRO for WooCommerce | Cross-Site Scripting (XSS) |
Product Import Export for WooCommerce | Arbitrary File Upload (BAC) |
Shipping with Venipak for WooCommerce | Cross-Site Scripting (XSS) |
TeraWallet – For WooCommerce | Missing Authorization (BAC) to User Email Export |
Tracking Code Manager | Cross-Site Scripting (XSS) |
Ultimate Gift Cards For WooCommerce | Missing Authorization (BAC) to Unauthenticated Information Exposure |
WCFM – Frontend Manager for WooCommerce | Cross-Site Scripting (XSS) |
Wholesale For WooCommerce | Unauthenticated Private Data Exposure |
Woo Viet | Cross-Site Scripting (XSS) |
WooBuddy | PHP Object Injection in get_simple_request |
WooCommerce Add to Cart Custom Redirect | Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC) |
WooCommerce Bookings Calendar | Cross-Site Scripting (XSS) |
WooCommerce Cloak Affiliate Links | Missing Authorization (BAC) to Unauthenticated Permalink Modification |
WooCommerce Clover Payment Gateway | Missing Authorization (BAC) via callback_handler |
WooCommerce Google Feed Manager | Cross-Site Scripting (XSS) |
WooCommerce License Manager | Cross-Site Scripting (XSS) |
WooCommerce Multilingual & Multicurrency | Broken Access Control (BAC) |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce POS | Insufficient Verification of Data Authenticity to Private Information Disclosure |
Woocommerce Social Media Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WOOCS – WooCommerce Currency Switcher | Cross-Site Request Forgery (CSRF) |
WooLentor | Cross-Site Scripting (XSS) via Banner Link |
WooThumbs for WooCommerce by Iconic | Cross-Site Scripting (XSS) |
WP Express Checkout (Accept PayPal Payments) | Price Manipulation (BAC) |
WPC Management for WooCommerce | Broken Access Control (BAC) |
YITH WooCommerce Account Funds Premium | Broken Access Control (BAC) |
YITH WooCommerce Product Add-Ons | Cross-Site Scripting (XSS) |