Browse all 3 CVE security advisories affecting wpecommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Wpecommerce serves as a WordPress plugin enabling e-commerce functionality for websites, allowing businesses to manage products, payments, and transactions. Historically, it has been susceptible to various vulnerability classes including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and improper access controls. While no major public security incidents have been widely documented, its three recorded CVEs highlight ongoing security concerns. The plugin's integration with WordPress core and third-party payment systems creates a complex attack surface requiring regular security updates and careful configuration to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-57891 | WordPress Recurring PayPal Donations Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability — Recurring PayPal DonationsCWE-79 | 5.9 | Medium | 2025-08-22 |
| CVE-2025-22826 | WordPress Sell Digital Downloads plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability — Sell Digital DownloadsCWE-79 | 6.5 | Medium | 2025-01-09 |
| CVE-2024-35676 | WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability — Recurring PayPal DonationsCWE-79 | 6.5 | Medium | 2024-06-08 |
This page lists every published CVE security advisory associated with wpecommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.