Woocommerce CVEs and Security Vulnerabilities

Filtered by vendor Woocommerce Subscriptions

Filtered by product Woocommerce Subscriptions

Search

Switch to Advanced Search (Beta)

Total 188 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-64222	3 Fantasticplugins, Woocommerce, Wordpress	3 Woocommerce Recover Abandoned Cart, Woocommerce, Wordpress	2026-01-20	7.5 High
Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Recover Abandoned Cart: from n/a through <= 24.6.0.
CVE-2025-64200	3 Villatheme, Woocommerce, Wordpress	3 Woocommerce Email Template Customizer, Woocommerce, Wordpress	2026-01-20	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stored XSS.This issue affects Email Template Customizer for WooCommerce: from n/a through <= 1.2.17.
CVE-2025-63023	3 Easy Payment, Woocommerce, Wordpress	3 Payment Gateway For Paypal On Woo Commerce, Woocommerce, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Easy Payment Payment Gateway for PayPal on WooCommerce woo-paypal-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment Gateway for PayPal on WooCommerce: from n/a through <= 9.0.52.
CVE-2025-63015	3 Paysera, Woocommerce, Wordpress	3 Woocommerce Payment Gateway, Woocommerce, Wordpress	2026-01-20	4.3 Medium
Missing Authorization vulnerability in paysera WooCommerce Payment Gateway – Paysera woo-payment-gateway-paysera allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Payment Gateway – Paysera: from n/a through <= 3.9.0.
CVE-2025-62957	3 Nikanwp, Woocommerce, Wordpress	3 Woocommerce Reporting, Woocommerce, Wordpress	2026-01-20	8.8 High
Cross-Site Request Forgery (CSRF) vulnerability in NikanWP NikanWP WooCommerce Reporting wc-reports-lite allows Stored XSS.This issue affects NikanWP WooCommerce Reporting: from n/a through <= 1.0.0.
CVE-2025-62935	3 Ilmosys, Woocommerce, Wordpress	3 Open Close Woocommerce Store, Woocommerce, Wordpress	2026-01-20	8.1 High
Missing Authorization vulnerability in ilmosys Open Close WooCommerce Store woc-open-close allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Open Close WooCommerce Store: from n/a through <= 4.9.8.
CVE-2025-62870	3 Eupago, Woocommerce, Wordpress	3 Eupago Gateway Woocommerce, Woocommerce, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Eupago Eupago Gateway For Woocommerce eupago-gateway-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eupago Gateway For Woocommerce: from n/a through <= 4.6.3.
CVE-2025-62748	3 Genetech Products, Woocommerce, Wordpress	3 Web And Woocommerce Addons For Wpbakery Builder, Woocommerce, Wordpress	2026-01-20	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Genetech Products Web and WooCommerce Addons for WPBakery Builder allows DOM-Based XSS.This issue affects Web and WooCommerce Addons for WPBakery Builder: from n/a through 1.5.
CVE-2025-62151	2 Woocommerce, Wordpress	2 Woocommerce, Wordpress	2026-01-20	8.8 High
Missing Authorization vulnerability in Virtuaria Virtuaria PagBank / PagSeguro para Woocommerce virtuaria-pagseguro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Virtuaria PagBank / PagSeguro para Woocommerce: from n/a through <= 3.6.3.
CVE-2025-62081	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-01-20	5.3 Medium
Missing Authorization vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.
CVE-2025-62080	3 Channelize.io, Woocommerce, Wordpress	3 Live Shopping & Shoppable Videos For Woocommerce, Woocommerce, Wordpress	2026-01-20	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.Io Team Live Shopping & Shoppable Videos For WooCommerce allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through 2.2.0.
CVE-2025-62015	3 Josh Kohlbach, Woocommerce, Wordpress	4 Advanced Coupons For Woocommerce Coupons, Woocommerce, Woocommerce Smart Coupons and 1 more	2026-01-20	7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8.
CVE-2025-62008	3 Acowebs, Woocommerce, Wordpress	3 Product Labels For Woocommerce, Woocommerce, Wordpress	2026-01-20	8.8 High
Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through <= 1.2.4.
CVE-2025-62005	3 Fantasticplugins, Woocommerce, Wordpress	3 Sumomemberships, Woocommerce, Wordpress	2026-01-20	7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Cross Site Request Forgery.This issue affects SUMO Memberships for WooCommerce: from n/a through < 7.8.0.
CVE-2025-60247	3 Bux, Woocommerce, Wordpress	3 Bux Woocommerce, Woocommerce, Wordpress	2026-01-20	6.5 Medium
Missing Authorization vulnerability in Bux Bux Woocommerce bux-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bux Woocommerce: from n/a through <= 1.2.3.
CVE-2025-60243	3 Holest Engineering, Woocommerce, Wordpress	3 Selling Commander For Woocommerce, Woocommerce, Wordpress	2026-01-20	9.8 Critical
Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46.
CVE-2025-60235	3 Plugify, Woocommerce, Wordpress	3 Helpdesk Support Ticket System For Woocommerce, Woocommerce, Wordpress	2026-01-20	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Plugify Helpdesk Support Ticket System for WooCommerce support-ticket-system-for-woocommerce allows Using Malicious Files.This issue affects Helpdesk Support Ticket System for WooCommerce: from n/a through <= 2.1.0.
CVE-2025-60222	3 Fantasticplugins, Woocommerce, Wordpress	3 Sumo Memberships For Woocommerce, Woocommerce, Wordpress	2026-01-20	8.8 High
Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation.This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.6.0.
CVE-2025-60211	3 Extendons, Woocommerce, Wordpress	3 Woocommerce Registration Fields Plugin, Woocommerce, Wordpress	2026-01-20	8.8 High
Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation.This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3.
CVE-2025-60207	3 Addify, Woocommerce, Wordpress	3 Custom User Registration Fields For Woocommerce, Woocommerce, Wordpress	2026-01-20	10 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in Addify Custom User Registration Fields for WooCommerce user-registration-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Custom User Registration Fields for WooCommerce: from n/a through <= 2.1.2.

« first previous Page 2 of 10. next last »