- Published on: Apr 28, 2026
- Research Description

Checkout optimization plugins operate directly on one of the most commercially sensitive workflows in WordPress: the path between product selection and order completion. Because these plugins modify cart behavior, checkout redirects, AJAX add-to-cart flows, and checkout field visibility, weaknesses in this class of software can affect both security and business integrity. Improper handling of redirects, checkout configuration, request validation, or administrative settings may lead to unauthorized behavior, data exposure, stored XSS, CSRF, or broken transaction flows.

Direct Checkout for WooCommerce version 3.6.6 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64648, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WooCommerce checkout, cart, redirect, and purchase-flow optimization plugins.
- Affected versions: min 3.6.6, max 3.6.6.