Commerce plugin <= 2.11.9 Unauthenticated Stored CrossSite Scripting via name Parameter vulnerability
11 February, 2025
Commerce plugin <= 2.9.14 Broken Access Control + CSRF vulnerability
12 April, 2024
Commerce plugin <= 2.9.3 SQL Injection vulnerability
21 December, 2023
Commerce plugin <= 2.9.6 Authenticated (Administrator+) Directory Traversal vulnerability
11 December, 2023
Commerce plugin <= 2.9.5 Authenticated (Administrator+) PHP Object Injection vulnerability
15 November, 2023