Skip to main content

Woocommerce Dropshipping

3 CVEs product

Monthly

CVE-2026-49071 MEDIUM This Month

Broken authentication in WooCommerce Dropshipping plugin versions 5.2.4 and earlier allows unauthenticated remote attackers to bypass authentication controls via an alternate path or channel (CWE-288), yielding partial confidentiality and integrity impact on affected WordPress e-commerce installations. Reported by Patchstack, the flaw is confirmed at CVSS 6.5 Medium with a fully network-accessible, zero-complexity attack path requiring no privileges or user interaction. No public exploit code or CISA KEV listing exists at time of analysis, moderating real-world urgency despite the low exploitation barrier.

WordPress Information Disclosure Woocommerce Dropshipping
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-35748 MEDIUM This Month

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Dropshipping
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-3481 CRITICAL POC Act Now

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Woocommerce Dropshipping
NVD WPScan VulDB
CVSS 3.1
9.8
EPSS
3.7%
EPSS 0% CVSS 6.5
MEDIUM This Month

Broken authentication in WooCommerce Dropshipping plugin versions 5.2.4 and earlier allows unauthenticated remote attackers to bypass authentication controls via an alternate path or channel (CWE-288), yielding partial confidentiality and integrity impact on affected WordPress e-commerce installations. Reported by Patchstack, the flaw is confirmed at CVSS 6.5 Medium with a fully network-accessible, zero-complexity attack path requiring no privileges or user interaction. No public exploit code or CISA KEV listing exists at time of analysis, moderating real-world urgency despite the low exploitation barrier.

WordPress Information Disclosure Woocommerce Dropshipping
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Dropshipping
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

The WooCommerce Dropshipping WordPress plugin before 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Woocommerce Dropshipping
NVD WPScan VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy