Vendor
WooCommerce Infinite Scroll Plugin Vulnerable to PHP Object Injection (CVE-2025-11993)
2 rules 1 TTP 1 CVEThe WooCommerce Infinite Scroll and Ajax Pagination plugin for WordPress is vulnerable to PHP Object Injection (CVE-2025-11993) due to deserialization of untrusted data in the 'import_settings' function, potentially leading to arbitrary code execution if a suitable POP chain is present.
WooCommerce PayPal Payments Plugin Vulnerable to Order Manipulation and Information Disclosure (CVE-2026-9284)
2 rules 1 TTP 1 CVEThe WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on WC-AJAX endpoints, allowing attackers to manipulate order payment flows and exfiltrate sensitive order details (CVE-2026-9284).
Funnel Builder for WooCommerce Checkout Missing Authorization Vulnerability (CVE-2026-47100)
2 rules 1 CVEFunnel Builder for WooCommerce Checkout versions prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and inject malicious JavaScript, impacting checkout page visitors.
WooCommerce CSV Importer Path Traversal File Deletion (CVE-2018-25325)
2 rules 1 TTP 1 CVEWooCommerce CSV Importer 3.3.6 contains a path traversal vulnerability (CVE-2018-25325) that allows registered users to delete arbitrary files by submitting crafted filenames via the delete_export_file AJAX action.
CVE-2026-4094: FOX – Currency Switcher Professional for WooCommerce Plugin Vulnerability
2 rules 1 TTP 1 CVEThe FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss (CVE-2026-4094) due to a missing capability check, allowing authenticated attackers with Contributor-level access or higher to delete the multi-currency configuration.