VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Sep 05, 2025

License Manager for WooCommerce Vulnerabilities

Review known vulnerability records for the WordPress plugin License Manager for WooCommerce (`license-manager-for-woocommerce`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-58788, CVE-2025-32522 and CVE-2024-1639, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
1
Patch Coverage
100%
Last Updated
Oct 08, 2025
Priority CVE Quick Links

Fast paths into License Manager for WooCommerce CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2023-48742 High 2.2.11
CVE-2023-48742 License Manager for WooCommerce SQL Injection

License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

CVE-2024-1639 Medium 3.0.7
CVE-2024-1639 License Manager for WooCommerce Sensitive Information Exposure

License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

CVE-2025-32522 Medium 3.0.10
CVE-2025-32522 License Manager for WooCommerce Cross-Site Scripting

License Manager for WooCommerce <= 3.0.9 - Reflected Cross-Site Scripting

CVE-2025-58788 Medium 3.0.13
CVE-2025-58788 License Manager for WooCommerce SQL Injection

License Manager for WooCommerce <= 3.0.12 - Authenticated (Administrator+) SQL Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for License Manager for WooCommerce so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-58788, CVE-2025-32522 and CVE-2024-1639
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for License Manager for WooCommerce

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-58788
CVE-2025-58788: License Manager for WooCommerce <= 3.0.12 - Authenticated (Administrator+) SQL Injection

The License Manager for WooCommerce plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for au...

Published
Sep 05, 2025
Patched Release
3.0.13
Affected Versions
Versions up to 3.0.12
Next Step
Update to 3.0.13 or newer if supported.
Open CVE-2025-58788 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-32522
CVE-2025-32522: License Manager for WooCommerce <= 3.0.9 - Reflected Cross-Site Scripting

The License Manager for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary we...

Published
Apr 10, 2025
Patched Release
3.0.10
Affected Versions
Versions up to 3.0.9
Next Step
Update to 3.0.10 or newer if supported.
Open CVE-2025-32522 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-1639
CVE-2024-1639: License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure

The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.6. This makes it possible for authenticated...

Published
Jun 20, 2024
Patched Release
3.0.7
Affected Versions
Versions up to 3.0.6
Next Step
Update to 3.0.7 or newer if supported.
Open CVE-2024-1639 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-48742
CVE-2023-48742: License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

The License Manager for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the orderby parameter in versions up to, and including, 2.2.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Thi...

Published
Nov 23, 2023
Patched Release
2.2.11
Affected Versions
Versions up to 2.2.10
Next Step
Update to 2.2.11 or newer if supported.
Open CVE-2023-48742 Report Open CVE Reference