- Published on: Apr 28, 2026
- Research Description
Checkout optimization plugins operate directly on one of the most commercially sensitive workflows in WordPress: the path between product selection and order completion. Because these plugins modify cart behavior, checkout redirects, AJAX add-to-cart flows, and checkout field visibility, weaknesses in this class of software can affect both security and business integrity. Improper handling of redirects, checkout configuration, request validation, or administrative settings may lead to unauthorized behavior, data exposure, stored XSS, CSRF, or broken transaction flows. Direct Checkout for WooCommerce version 3.6.6 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64648, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WooCommerce checkout, cart, redirect, and purchase-flow optimization plugins.
- Affected versions: Min 3.6.6, max 3.6.6.