cleantalk
Vulnerabilities and Security Researches

Place Order Without Payment for WooCommerce, CVE-2025-26933

CVE, Research URL

CVE-2025-26933

Home page URL

Security reports for Place Order Without Payment for WooCommerce

Application

Place Order Without Payment for WooCommerce

Published on
Mar 10, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
Affected versions
max 2.6.8.
Status
vulnerable
Previous vulnerability researches
Place Order Without Payment for WooCommerce (CVE-2024-13362) , May 02, 2026
Place Order Without Payment for WooCommerce (CVE-2025-26933) , Feb 27, 2025
Place Order Without Payment for WooCommerce (47f59ee33113bd4bcc6d8e18f80584a2c1a439d9) , Jun 07, 2024
Place Order Without Payment for WooCommerce (CVE-2022-4974) , Nov 14, 2024
New vulnerability
Advanced Product Fields (Product Addons) for WooCommerce (CVE-2026-39499) , May 02, 2026
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2026-25440) , May 02, 2026
Unlimited Elements For Elementor (Free Widgets, Addons, Templates) (CVE-2024-13362) , May 02, 2026
POST SMTP – The #1 WordPress SMTP Plugin with Advanced Email Logging and Delivery Failure Notifications (CVE-2024-13362) , May 02, 2026
Elementor Website Builder – More than Just a Page Builder (CVE-2026-6127) , May 02, 2026