This page collects WhisperX intelligence signals tagged #WooCommerce. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security vulnerability has been identified in the PPOM for WooCommerce plugin, exposing sensitive store data to unauthenticated users. The plugin's entire REST API, comprising seven distinct endpoints, is configured with a blanket `'permission_callback' => '__return_true'`. This configuration effectively byp...
A critical, unauthenticated Local File Inclusion (LFI) vulnerability has been publicly documented for the HUSKY Products Filter Professional plugin for WooCommerce, designated as CVE-2025-1661. The flaw allows attackers to directly target WordPress sites by sending a malicious POST request to the `/wp-admin/admin-ajax....
A critical missing authorization vulnerability has been identified in InfusedWoo Pro, a WordPress plugin widely used for integrating WooCommerce with the Infusionsoft CRM platform. Tracked as CVE-2026-6512 and classified under CWE-862 (Missing Authorization), the flaw affects all versions up to and including 5.1.2. The...