In WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions 4.7.1 and prior a medium severity vulnerability CVE-2025-24644 was detected. This vulnerability allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.
Read more E-commerceIn WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior a medium severity vulnerability CVE-2025-24596 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade WordPress WooCommerce Product Table Lite wordpress plugin to a version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.
Read more E-commerceIn MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2 a medium severity vulnerability CVE-2024-5769 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.
Read more E-commerceIn Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1 a high severity vulnerability CVE-2024-11423 was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.
Read more E-commerceIn Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25 a medium severity vulnerability CVE-2024-12337 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.
Read more E-commerceIn Deliver via Shipos for WooCommerce plugin versions up to 2.1.7 a medium severity vulnerability CVE-2024-12222 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘dvsfw_bulk_label_url’ parameter due to insufficient input sanitization and output escaping. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12222.
Read more E-commerceIn WooCommerce Check Pincode/Zipcode for Shipping plugin versions up to 2.0.4 a medium severity vulnerability CVE-2024-12218 was detected. This vulnerability allows unauthenticated attackers to inject malicious web scripts via a forged request due to missing or incorrect nonce validation. At the moment, there is no patched version available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12218.
Read more E-commerceIn WooCommerce Point of Sale plugin for WordPress versions up to 6.1.0 a critical severity vulnerability CVE-2024-11281 was detected. This vulnerability allows attackers to change the email and reset the password of any user, including administrators, due to insufficient validation of the ‘logged_in_user_id’ value. To address this issue, users should upgrade to version 6.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11281.
Read more E-commerceIn WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates plugin for WordPress in versions up to 2.9.1 a medium severity vulnerability CVE-2024-53740 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts into pages by tricking users into actions such as clicking on a link, due to insufficient input sanitization and output escaping. To address this issue, users must upgrade to version 2.9.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-53740.
Read more E-commerce