Vulnerabilities and security researches forwoocommerce-store-toolkit woocommerce-store-toolkit

Nov 11, 2025

CVE, Research URL: CVE-2025-60204
Home page URL: Security reports for Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Application: Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Date: Nov 06, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Josh Kohlbach WooCommerce Store Toolkit woocommerce-store-toolkit allows PHP Local File Inclusion.This issue affects WooCommerce Store Toolkit: from n/a through <= 2.4.3.
Affected versions: max 2.4.3.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Application: Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: max 2.3.4.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2016-10923
Home page URL: Security reports for Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Application: Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Date: Aug 22, 2019
Research Description: The woocommerce-store-toolkit plugin before 1.5.8 for WordPress has privilege escalation.
Affected versions: max 2.3.9.
Status: vulnerable

CVE, Research URL: CVE-2021-25077
Home page URL: Security reports for Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Application: Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Date: Feb 07, 2022
Research Description: The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting
Affected versions: max 2.3.4.
Status: vulnerable

CVE, Research URL: CVE-2016-10922
Home page URL: Security reports for Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Application: Store Toolkit for WooCommerce – Boost WooCommerce with useful tools, nuking/deleting, reports, order filters & more!
Date: Aug 22, 2019
Research Description: The woocommerce-store-toolkit plugin before 1.5.7 for WordPress has privilege escalation.
Affected versions: max 1.5.7.
Status: vulnerable