Back In Stock Notifier for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Barcode Scanner with Inventory & Order Manager | Cross-Site Request Forgery (CSRF) |
Barcode Scanner with Inventory & Order Manager | SQL Injection (SQLi) |
Booster for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Builder for WooCommerce reviews shortcodes – ReviewShort | Broken Access Control (BAC) |
EAN for WooCommerce | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
Envo's Elementor Templates & Widgets for WooCommerce | Cross-Site Scripting (XSS) |
MC Woocommerce Wishlist | Broken Access Control (BAC) |
MC Woocommerce Wishlist | Broken Access Control (BAC) |
Order Export & Order Import for WooCommerce | PHP Object Injection |
Orders Tracking for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode | Cross-Site Scripting (XSS) |
Serial Numbers for WooCommerce – License Manager | Broken Access Control (BAC) |
ShopBuilder – Elementor WooCommerce Builder Addons | Private Data Exposure |
ShopLentor | Cross-Site Scripting (XSS) via _id |
ShopLentor | Cross-Site Scripting (XSS) |
ShopLentor | Missing Authorization (BAC) via purchased_new_products |
ShopLentor | Cross-Site Scripting (XSS) via woolentorsearch Shortcode |
ShopLentor | Missing Authorization (BAC) to WordPress Option Modification |
SimpleShop | Cross-Site Request Forgery (CSRF) |
SimpleShop | Missing Authorization (BAC) |
Woocommerce – Recent Purchases | File Inclusion |
WP EasyCart | Private Information Exposure |
YITH WooCommerce Ajax Search | Unauthenticated Cross-Site Scripting (XSS) |
YITH WooCommerce Gift Cards | Multiple BAC - Missing Authorization to Unauthenticated WooCommerce Settings Update |