Checkout Payment Gateway for WooCommerce | Missing Authorization (BAC) via sniff_ins |
Active Products Tables for WooCommerce | Broken Access Control (BAC) |
Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
Advanced Order Export For WooCommerce | Remote Code Execution (RCE) |
Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
Currency per Product for WooCommerce | Cross-Site Request Forgery (CSRF) |
Customer Reviews for WooCommerce | Missing Authorization (BAC) to Arbitrary Email Sending |
Customer Reviews for WooCommerce | Missing Authorization (BAC) to Coupon Search |
Customer Reviews for WooCommerce | Cross-Site Scripting (XSS) via 's' |
Custom Order Statuses for WooCommerce | Broken Access Control (BAC) |
Custom Thank You Page Customize For WooCommerce by Binary Carpenter | Broken Access Control (BAC) |
EAN for WooCommerce | Cross-Site Scripting (XSS) via alg_wc_ean_product_meta Shortcode |
EAN for WooCommerce | Insecure Direct Object Reference (IDOR) to Private Information Exposure via Shortcode |
Easy Accept Payments | Broken Access Control (BAC) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Scripting (XSS) |
Email Customizer for WooCommerce | Private Data Exposure |
Email Marketing for WooCommerce by Omnisend | Cross-Site Request Forgery (CSRF) |
EPROLO Dropshipping | Broken Access Control (BAC) |
Event Manager for WooCommerce | Cross-Site Request Forgery (CSRF) |
Extra Product Options Builder for WooCommerce | Cross-Site Request Forgery (CSRF) |
Flexible Checkout Fields for WooCommerce | Broken Access Control (BAC) |
Flexible Shipping | Broken Access Control (BAC) |
GG Woo Feed for WooCommerce | Broken Access Control (BAC) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Local File Inclusion (LFi) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Remote Code Execution (RCE) |
Import Content in WordPress & WooCommerce with Excel | Cross-Site Scripting (XSS) |
Leaky Paywall | Price Manipulation |
Loan Repayment Calculator and Application Form | Cross-Site Request Forgery (CSRF) |
Multi Currency For WooCommerce | Broken Access Control (BAC) |
MultiParcels Shipping For WooCommerce | Cross-Site Request Forgery (CSRF) |
Open Close WooCommerce Store | Broken Access Control (BAC) |
Order Delivery Date for WooCommerce | Cross-Site Request Forgery (CSRF) |
Order Limit for WooCommerce | Broken Access Control (BAC) |
Payment Forms for Paystack | Cross-Site Scripting (XSS) |
Payment Gateway Based Fees and Discounts for WooCommerce | Broken Access Control (BAC) |
PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload (BAC)_file |
Premmerce Product Filter for WooCommerce | Broken Access Control (BAC) |
Print Invoice & Delivery Notes for WooCommerce | Broken Access Control (BAC) |
Product Designer | PHP Object Injection |
Product Feed on WooCommerce for Google | Auth SQL Injection (SQLi) (SQLi) |
Product Feed PRO for WooCommerce | Private Data Exposure |
Product Input Fields for WooCommerce | Cross-Site Request Forgery (CSRF) |
Products, Order & Customers Export for WooCommerce | Broken Access Control (BAC) |
Product Sort and Display for WooCommerce | Missing Authorization (BAC) |
Sendinblue for WooCommerce | Arbitrary File Download (BAC) and Deletion (BAC) |
Shopkeeper Extender | Cross-Site Scripting (XSS) |
ShopLentor | Improper Authorization via woolentor_template_store |
ShopLentor | Cross-Site Scripting (XSS) via WL Universal Product Layout |
ShopLentor | Cross-Site Scripting (XSS) via QR Code Widget |
Shopstar! Theme | Cross-Site Request Forgery (CSRF) |
Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | Missing Authorization (BAC) |
SuperFaktura WooCommerce | Server-Side Request Forgery (SSRF) |
TeraWallet – For WooCommerce | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Tracking Code Manager | Broken Access Control (BAC) |
TrackShip for WooCommerce | Broken Access Control (BAC) |
USPS Shipping for WooCommerce – Live Rates | Cross-Site Request Forgery (CSRF) |
USPS Shipping for WooCommerce – Live Rates | Private Data Exposure via Log File |
Wallet System for WooCommerce | Cross-Site Request Forgery (CSRF) |
Welcart e Commerce | Broken Access Control (BAC) |
Welcart e Commerce | Cross-Site Request Forgery (CSRF) |
Wholesale For WooCommerce | Unauthenticated Arbitrary Post/Page |
WooBuddy | PHP Object Injection |
WooCommerce | Cross-Site Request Forgery (CSRF) |
WooCommerce | Private/Draft Products Access (BAC) |
WooCommerce Cart Abandonment Recovery | Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
WooCommerce Checkout Field Editor (Checkout Manager) | Cross-Site Request Forgery (CSRF) |
WooCommerce Customers Manager | SQL Injection (SQLi) |
WooCommerce Customers Manager | Private Email Disclosure |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce Google Feed Manager | SQL Injection (SQLi) to Cross-Site Scripting (XSS) |
WooCommerce Multilingual & Multicurrency | SQL Injection (SQLi) |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Server Side Request Forgery |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
WooCommerce Shipping Label | Cross-Site Scripting (XSS) |
WooCommerce UPS Shipping – Live Rates and Access Points | Cross-Site Request Forgery (CSRF) |
WOOCS – WooCommerce Currency Switcher | Unauthenticated Arbitrary Shortcode Execution |
WP ADA Compliance Check Basic | Cross-Site Request Forgery (CSRF) |
WPC Frequently Bought Together for WooCommerce | Broken Access Control (BAC) |
WPC Grouped Product for WooCommerce | Broken Access Control (BAC) |
WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) |
WP Stripe Checkout | Cross-Site Scripting (XSS) |
XforWooCommerce | Local File Inclusion (LFi) |
XPlainer WooCommerce Product FAQ | Cross-Site Request Forgery (CSRF) |
XStore Core | Limited Arbitrary File Download (BAC) |
XStore Core | Limited Arbitrary File Upload (BAC) |
XStore Core | Local File Inclusion (LFi) |
XStore Core | Multiple Broken Access Control (BAC) |
XStore Core | Cross-Site Scripting (XSS) |
XStore Core | Unauthenticated PHP Object Injection |
XStore Core | Unauthenticated Privilege Escalation (BAC) |
XStore Core | Unauthenticated SQL Injection (SQLi) |
XStore Theme | Arbitrary Option Update (BAC) |
XStore Theme | Broken Access Control (BAC) |
XStore Theme | Cross-Site Scripting (XSS) |
XStore Theme | Unauthenticated Broken Access Control (BAC) |
XStore Theme | Unauthenticated Local File Inclusion (LFi) |
XStore Theme | Unauthenticated SQL Injection (SQLi) |
YITH WooCommerce Compare | Cross-Site Request Forgery (CSRF) |