Vulnerabilities and security researches forwoocommerce-germanized woocommerce-germanized

Jun 07, 2024

CVE, Research URL: c7f8732ffdd5f3947de85d9aaed3c63d7a44299e
Home page URL: Security reports for Germanized for WooCommerce
Application: Germanized for WooCommerce
Date: May 31, 2022
Research Description: Germanized for WooCommerce [woocommerce-germanized] < 3.9.5 WordPress Germanized for WooCommerce plugin <= 3.9.4 - Reflected Cross-Site Scripting (XSS) vulnerability Reflected Cross-Site Scripting (XSS) vulnerability discovered by WPScanTeam in WordPress Germanized for WooCommerce plugin (versions <= 3.9.4). Update the WordPress Germanized for WooCommerce plugin to the latest available version (at least 3.9.5).
Affected versions: max 3.9.5.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-2582
Home page URL: Security reports for Germanized for WooCommerce
Application: Germanized for WooCommerce
Date: Apr 14, 2026
Research Description: The The Germanized for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution via 'account_holder' parameter in all versions up to, and including, 3.20.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: max 3.20.6.
Status: vulnerable