cleantalk
Vulnerabilities and Security Researches

Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C, CVE-2026-32459

CVE, Research URL

CVE-2026-32459

Home page URL

Security reports for Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C

Application

Checkout Upsell – WooCommerce Upsell, Cross Sell, Order Bumps, One Click Upsell, Frequently Bought Together, Next Order C

Published on
Mar 14, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through <= 2.2.4.
Affected versions
max 2.2.4.
Status
vulnerable
Previous vulnerability researches
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2024-5327) , Jun 07, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2021-25027) , Jun 07, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2021-24263) , Jun 07, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2023-6984) , Jun 07, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2024-1055) , Jun 07, 2024
New vulnerability
ionCube tester plus (CVE-2025-69411) , Mar 30, 2026
WP Review Slider (CVE-2026-32491) , Mar 30, 2026
MDTF &#8211; Meta Data and Taxonomies Filter (CVE-2026-32455) , Mar 30, 2026
Get Use APIs &#8211; JSON Content Importer (CVE-2025-15363) , Mar 30, 2026
OSM &#8211; OpenStreetMap (CVE-2026-33559) , Mar 30, 2026