Browse all 5 CVE security advisories affecting XforWooCommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.
XforWooCommerce is a WordPress plugin designed to extend WooCommerce functionality with additional features. Historically, the plugin has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These vulnerabilities have allowed attackers to execute arbitrary code, steal sensitive data, and gain unauthorized administrative access. The plugin currently has five CVEs on record, highlighting ongoing security concerns. Notable incidents include vulnerabilities that could allow complete site takeover through insufficient input validation and improper access controls. Security researchers have consistently identified issues related to inadequate sanitization and permission checks, making the plugin a target for attackers seeking to compromise e-commerce platforms.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-69378 | WordPress Product Filter for WooCommerce plugin <= 9.1.2 - Privilege Escalation vulnerability | Product Filter for WooCommerce | CWE-266 | 7.2 | High | 2026-02-20 |
| CVE-2025-68993 | WordPress Share, Print and PDF Products for WooCommerce plugin <= 3.1.2 - Broken Access Control vulnerability | Share, Print and PDF Products for WooCommerce | CWE-862 | 5.3 | Medium | 2025-12-30 |
| CVE-2025-68994 | WordPress Product Loops for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | Product Loops for WooCommerce | CWE-862 | 5.3 | Medium | 2025-12-30 |
| CVE-2024-33628 | WordPress XforWooCommerce plugin <= 2.0.2 - Authenticated Local File Inclusion vulnerability | XforWooCommerce | CWE-22 | 8.8 | High | 2024-06-04 |
| CVE-2021-4337 | Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization | Package Quantity Discount | CWE-862 | 8.8 | High | 2023-06-07 |
This page lists every published CVE security advisory associated with XforWooCommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.