All CosmicBytez Labs articles tagged #WooCommerce, across news, security advisories, how-to guides, and projects.
A high-severity privilege escalation flaw in WPFunnels for WordPress allows attackers to update arbitrary site options via an unvalidated REST callback, affecting all versions up to 3.12.8.
The Happy Coders OTP Login for WooCommerce plugin before 2.8 allows unauthenticated attackers to bypass OTP verification and log in as any WordPress user, including administrators.
A CVSS 9.1 critical unauthenticated arbitrary file deletion vulnerability in the Printcart Web to Print Product Designer for WooCommerce plugin affects...
A maximum-severity input validation vulnerability in Product Slider Pro for WooCommerce allows attackers to implant malicious software. Affects all versions…
The Fortis for WooCommerce WordPress plugin before version 1.3.1 exposes sensitive API keys to unauthenticated attackers, enabling unauthorized access to...
Attackers are actively exploiting a critical vulnerability in the Funnel Builder WordPress plugin to inject malicious JavaScript into WooCommerce checkout...
A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript into WooCommerce checkout...
A CVSS 9.1 authorization bypass in InfusedWoo Pro for WordPress lets unauthenticated attackers permanently delete arbitrary data across all installations...
A high-severity Insecure Direct Object Reference vulnerability in the WCFM Frontend Manager for WooCommerce plugin (up to v6.7.25) lets authenticated...
A cross-site request forgery vulnerability in WooCommerce versions 5.4.0 through 10.5.2 allows attackers to abuse the Store API's batch endpoint to...