WPSwings — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting WPSwings. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WPSwings develops WordPress plugins, primarily for e-commerce and business management. Historically, their plugins have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation issues, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities across their products has resulted in 16 CVEs to date, indicating systemic security weaknesses in their development practices. The plugins' broad functionality and integration with multiple WordPress systems increase the potential attack surface when vulnerabilities are present.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation | Subscriptions for WooCommerce | CWE-862 | 5.3 | Medium | 2026-03-18 |
| CVE-2025-14450 | Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | CWE-862 | 6.5 | Medium | 2026-01-17 |
| CVE-2025-12881 | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read | Return Refund and Exchange For WooCommerce | CWE-639 | 5.4 | Medium | 2025-11-21 |
| CVE-2025-12086 | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation | Return Refund and Exchange For WooCommerce | CWE-639 | 4.3 | Medium | 2025-11-21 |
| CVE-2025-64267 | WordPress WooCommerce Ultimate Points And Rewards plugin <= 2.10.2 - Sensitive Data Exposure vulnerability | WooCommerce Ultimate Points And Rewards | CWE-497 | 4.3 | Medium | 2025-11-13 |
| CVE-2025-47569 | WordPress WooCommerce Ultimate Gift Card plugin <= 2.9.6 - SQL Injection vulnerability | WooCommerce Ultimate Gift Card | CWE-89 | 9.3 | Critical | 2025-09-09 |
| CVE-2025-5103 | Ultimate Gift Cards for WooCommerce <= 3.1.4 - Authenticated (Administrator+) SQL Injection via wps_wgm_save_post Function | Ultimate Gift Cards for WooCommerce | CWE-89 | 4.9 | Medium | 2025-06-03 |
| CVE-2025-3743 | Upsell Funnel Builder for WooCommerce <= 3.0.0 - Unauthenticated Order Manipulation | Upsell Funnel Builder for WooCommerce – Create Upsells, Cross-Sells, Order Bumps, Frequently Bought, and Popups. | CWE-472 | 5.3 | Medium | 2025-04-25 |
| CVE-2024-13724 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | CWE-285 | 4.3 | Medium | 2025-03-04 |
| CVE-2024-13682 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Cross-Site Request Forgery | Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | CWE-352 | 4.3 | Medium | 2025-03-04 |
| CVE-2024-13641 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | Return Refund and Exchange For WooCommerce | CWE-200 | 5.9 | Medium | 2025-02-14 |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | Return Refund and Exchange For WooCommerce | CWE-285 | 5.4 | Medium | 2025-02-14 |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode | One Click Upsell Funnel for Woocommerce | CWE-79 | 6.4 | Medium | 2024-12-21 |
| CVE-2024-53740 | WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | WooCommerce Ultimate Gift Card | CWE-79 | 7.1 | High | 2024-12-02 |
| CVE-2024-1857 | Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure | Ultimate Gift Cards for WooCommerce | CWE-862 | 5.3 | Medium | 2024-03-16 |
| CVE-2021-4391 | Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass | Ultimate Gift Cards for WooCommerce | CWE-352 | 4.3 | Medium | 2023-07-01 |

This page lists every published CVE security advisory associated with WPSwings. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.