Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | Cross-Site Scripting (XSS) |
Aramex Shipping WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
CC & BCC for Woocommerce Order Emails | Cross-Site Scripting (XSS) |
Get Better Reviews for WooCommerce | Broken Access Control (BAC) |
HitPay Payment Gateway for WooCommerce | Private Data Exposure via Log File |
JetWidgets for Elementor and WooCommerce | Limited Local File Inclusion (LFi) |
MakeCommerce for WooCommerce | Cross-Site Scripting (XSS) |
WordPress Mercado Pago payments for WooCommerce plugin | Arbitrary File Download |
Metorik – Reports & Email Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Pixel Manager for WooCommerce | Malicious polyfill.io Embed |
Product Customer List for WooCommerce | Malicious polyfill.io Embed |
Product Delivery Date for WooCommerce – Lite | Broken Access Control (BAC) |
Product Enquiry for WooCommerce | Cross-Site Scripting (XSS) |
ShopBuilder – Elementor WooCommerce Builder Addons | Local File Inclusion (LFi) |
SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) | Cross-Site Scripting (XSS) |
TeraWallet – For WooCommerce | SQL Injection (SQLi) via 'search[value]' |
Wallet System for WooCommerce | Private Data Exposure via Exported File |
Web and WooCommerce Addons for WPBakery Builder | Missing Authorization (BAC) to Plugin Settings Modification (BAC) |
Woocommerce OpenPos | Unauthenticated Arbitrary File Deletion (BAC) |
Woocommerce OpenPos | Unauthenticated Private Data Exposure |
Woocommerce OpenPos | Unauthenticated SQL Injection (SQLi) |
WooCommerce Predictive Search | Cross-Site Scripting (XSS) |
WooCommerce Product Table Lite | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
WooCommerce Report | Cross-Site Scripting (XSS) |
WooCommerce Social Login | PHP Object Injection |
XPlainer WooCommerce Product FAQ | Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Missing Authorization (BAC) to Cross-Site Scripting (XSS) |
XPlainer WooCommerce Product FAQ | Missing Authorization (BAC) to Settings Update (BAC) |
YITH Essential Kit for WooCommerce #1 | Missing Authorization (BAC) to Limited Plugin Install, Activation, and Deactivation |
YITH WooCommerce Affiliates | Malicious polyfill.io Embed |
YITH WooCommerce Ajax Product Filter | Cross-Site Scripting (XSS) |