VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Dec 05, 2025

Plug your WooCommerce into the largest catalog of customized print products from Helloprint Vulnerabilities

Review known vulnerability records for the WordPress plugin Plug your WooCommerce into the largest catalog of customized print products from Helloprint (`helloprint`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-13666, CVE-2025-26540 and CVE-2025-26534, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
3
Patch Coverage
100%
Last Updated
Dec 06, 2025
Priority CVE Quick Links

Fast paths into Plug your WooCommerce into the largest catalog of customized print products from Helloprint CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2024-50525 Critical 2.0.5
CVE-2024-50525 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Remote Code Execution

Plug your WooCommerce into the largest catalog of customized print products from Helloprint <= 2.0.4 - Unauthenticated Arbitrary File Upload

CVE-2025-26534 Critical 2.1.0
CVE-2025-26534 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Remote Code Execution

Helloprint <= 2.0.7 - Unauthenticated Arbitrary File Deletion

CVE-2025-26540 High 2.1.0
CVE-2025-26540 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Remote Code Execution

Helloprint <= 2.0.7 - Authenticated (Subscriber+) Arbitrary File Deletion

CVE-2022-3908 Medium 1.4.7
CVE-2022-3908 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Cross-Site Scripting

Helloprint <= 1.4.6 - Reflected Cross-Site Scripting

CVE-2022-3908 Medium 1.4.7
CVE-2022-3908 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Cross-Site Scripting

Helloprint <= 1.4.6 - Reflected Cross-Site Scripting

CVE-2025-13666 Medium No patch listed
CVE-2025-13666 Plug your WooCommerce into the largest catalog of customized print products from Helloprint Vulnerability

Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Plug your WooCommerce into the largest catalog of customized print products from Helloprint so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
2 critical and 1 high severity finding.
Recent CVEs
CVE-2025-13666, CVE-2025-26540 and CVE-2025-26534
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Plug your WooCommerce into the largest catalog of customized print products from Helloprint

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-13666
CVE-2025-13666: Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification

The Helloprint plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.2. This is due to the plugin registering a public REST API endpoint without implementing authorization checks to verify request authenticity. This makes it possible fo...

Published
Dec 05, 2025
Patched Release
Not published
Affected Versions
Versions up to 2.1.2
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-13666 Report Open CVE Reference
Plugin High Patched: Yes CVE-2025-26540
CVE-2025-26540: Helloprint <= 2.0.7 - Authenticated (Subscriber+) Arbitrary File Deletion

The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 2.0.7. This makes it possible...

Published
Feb 22, 2025
Patched Release
2.1.0
Affected Versions
Versions up to 2.0.7
Next Step
Update to 2.1.0 or newer if supported.
Open CVE-2025-26540 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2025-26534
CVE-2025-26534: Helloprint <= 2.0.7 - Unauthenticated Arbitrary File Deletion

The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 2.0.7. This makes it possible...

Published
Feb 22, 2025
Patched Release
2.1.0
Affected Versions
Versions up to 2.0.7
Next Step
Update to 2.1.0 or newer if supported.
Open CVE-2025-26534 Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-50525
CVE-2024-50525: Plug your WooCommerce into the largest catalog of customized print products from Helloprint <= 2.0.4 - Unauthenticated Arbitrary File Upload

The Plug your WooCommerce into the largest catalog of customized print products from Helloprint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 2.0.4. This makes it possible for unauthenticated...

Published
Oct 30, 2024
Patched Release
2.0.5
Affected Versions
Versions up to 2.0.4
Next Step
Update to 2.0.5 or newer if supported.
Open CVE-2024-50525 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-3908
CVE-2022-3908: Helloprint <= 1.4.6 - Reflected Cross-Site Scripting

The Helloprint plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' parameter in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit...

Published
Nov 15, 2022
Patched Release
1.4.7
Affected Versions
Versions up to 1.4.6
Next Step
Update to 1.4.7 or newer if supported.
Open CVE-2022-3908 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-3908
CVE-2022-3908: Helloprint <= 1.4.6 - Reflected Cross-Site Scripting

The Helloprint plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘success’ parameter in versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbit...

Published
Nov 15, 2022
Patched Release
1.4.7
Affected Versions
Versions up to 1.4.6
Next Step
Update to 1.4.7 or newer if supported.
Open CVE-2022-3908 Report Open CVE Reference