Vulnerabilities and security researches forcheckout-upsell-and-order-bumps checkout-upsell-and-order-bumps

Mar 30, 2026

CVE, Research URL: CVE-2026-32459
Home page URL: Security reports for Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C
Application: Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C
Date: Mar 14, 2026
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
Affected versions: max 2.2.4.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2026-25419
Home page URL: Security reports for Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C
Application: Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C
Date: Feb 19, 2026
Research Description: Missing Authorization vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UpsellWP: from n/a through <= 2.2.3.
Affected versions: max 2.2.3.
Status: vulnerable