VulnTitan VulnTitan Security command center
Theme Vulnerability Hub
Theme 16 known issues Latest disclosed Mar 23, 2026

Woodmart Vulnerabilities

Review known vulnerability records for the WordPress theme Woodmart (`woodmart`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-23971, CVE-2025-47600 and CVE-2025-49935, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
16
High or Critical
4
Patch Coverage
100%
Last Updated
Apr 02, 2026
Priority CVE Quick Links

Fast paths into Woodmart CVE reports

Start with the highest-signal CVE records for this WordPress theme before scanning the full vulnerability feed.

Indexed CVEs
16
CVE-2025-6746 High 8.2.4
CVE-2025-6746 Woodmart Local File Inclusion

WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion

CVE-2026-23971 High 8.3.9
CVE-2026-23971 Woodmart Vulnerability

Woodmart <= 8.3.8 - Unauthenticated PHP Object Injection

CVE-2025-49935 High 8.3.2
CVE-2025-49935 Woodmart Local File Inclusion

WoodMart < 8.3.2 - Authenticated (Contributor+) Local File Inclusion

CVE-2025-6744 High 8.2.4
CVE-2025-6744 Woodmart Vulnerability

Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution

CVE-2025-47600 Medium 8.3.8
CVE-2025-47600 Woodmart Vulnerability

WoodMart <= 8.3.7 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-12333 Medium 8.0.4
CVE-2024-12333 Woodmart Vulnerability

WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution

CVE-2023-32500 Medium 7.1.2
CVE-2023-32500 Woodmart Cross-Site Request Forgery

Woodmart <= 7.1.1 - Cross-Site Request Forgery to License Update

CVE-2023-25790 Medium 7.1.2
CVE-2023-25790 Woodmart Vulnerability

WoodMart <= 7.1.1 - Missing Authorization to Shortcode Injection

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Woodmart so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
16 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 4 high severity findings.
Recent CVEs
CVE-2026-23971, CVE-2025-47600 and CVE-2025-49935
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Woodmart

Sorted by latest disclosure date so newly published issues surface first.

Theme High Patched: Yes CVE-2026-23971
CVE-2026-23971: Woodmart <= 8.3.8 - Unauthenticated PHP Object Injection

The Woodmart theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 8.3.8 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable soft...

Published
Mar 23, 2026
Patched Release
8.3.9
Affected Versions
Versions up to 8.3.8
Next Step
Update to 8.3.9 or newer if supported.
Open CVE-2026-23971 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-47600
CVE-2025-47600: WoodMart <= 8.3.7 - Unauthenticated Arbitrary Shortcode Execution

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.3.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it poss...

Published
Jan 09, 2026
Patched Release
8.3.8
Affected Versions
Versions up to 8.3.7
Next Step
Update to 8.3.8 or newer if supported.
Open CVE-2025-47600 Report Open CVE Reference
Theme High Patched: Yes CVE-2025-49935
CVE-2025-49935: WoodMart < 8.3.2 - Authenticated (Contributor+) Local File Inclusion

The WoodMart theme for WordPress is vulnerable to Local File Inclusion in versions up to 8.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP cod...

Published
Oct 14, 2025
Patched Release
8.3.2
Affected Versions
Versions before 8.3.2
Next Step
Update to 8.3.2 or newer if supported.
Open CVE-2025-49935 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-49936
CVE-2025-49936: WoodMart < 8.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WoodMart theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web s...

Published
Oct 10, 2025
Patched Release
8.3.2
Affected Versions
Versions before 8.3.2
Next Step
Update to 8.3.2 or newer if supported.
Open CVE-2025-49936 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-8097
CVE-2025-8097: WoodMart - Multipurpose WooCommerce Theme <= 8.2.6 - Improper Input Validation Leading to Unauthenticated Cart Manipulation

The WoodMart theme for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 8.2.6. This is due to insufficient validation of the qty parameter in the woodmart_update_cart_item function. This makes it possible for unauthenticated attackers to...

Published
Jul 25, 2025
Patched Release
8.2.7
Affected Versions
Versions up to 8.2.6
Next Step
Update to 8.2.7 or newer if supported.
Open CVE-2025-8097 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-6745
CVE-2025-6745: WoodMart <= 8.2.5 - Unauthenticated Post Disclosure

The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers...

Published
Jul 10, 2025
Patched Release
8.2.6
Affected Versions
Versions up to 8.2.5
Next Step
Update to 8.2.6 or newer if supported.
Open CVE-2025-6745 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2025-6743
CVE-2025-6743: WoodMart <= 8.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Woodmart theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'multiple_markers' attribute in all versions up to, and including, 8.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible f...

Published
Jul 07, 2025
Patched Release
8.2.4
Affected Versions
Versions up to 8.2.3
Next Step
Update to 8.2.4 or newer if supported.
Open CVE-2025-6743 Report Open CVE Reference
Theme High Patched: Yes CVE-2025-6746
CVE-2025-6746: WoodMart <= 8.2.3 - Authenticated (Contributor+) Local File Inclusion

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files...

Published
Jul 07, 2025
Patched Release
8.2.4
Affected Versions
Versions up to 8.2.3
Next Step
Update to 8.2.4 or newer if supported.
Open CVE-2025-6746 Report Open CVE Reference
Theme High Patched: Yes CVE-2025-6744
CVE-2025-6744: Woodmart <= 8.2.3 - Unauthenticated Arbitrary Shortcode Execution

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmar...

Published
Jul 07, 2025
Patched Release
8.2.4
Affected Versions
Versions up to 8.2.3
Next Step
Update to 8.2.4 or newer if supported.
Open CVE-2025-6744 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2024-12333
CVE-2024-12333: WoodMart <= 8.0.3 - Unauthenticated Arbitrary Shortcode Execution

The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_in...

Published
Dec 11, 2024
Patched Release
8.0.4
Affected Versions
Versions up to 8.0.3
Next Step
Update to 8.0.4 or newer if supported.
Open CVE-2024-12333 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2023-41872
CVE-2023-41872: WoodMart <= 7.2.4 - Reflected Cross-Site Scripting

The WoodMart theme for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

Published
Sep 05, 2023
Patched Release
7.2.5
Affected Versions
Versions up to 7.2.4
Next Step
Update to 7.2.5 or newer if supported.
Open CVE-2023-41872 Report Open CVE Reference
Theme Medium Patched: Yes CVE-2023-32239
CVE-2023-32239: WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The WoodMart theme for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 7.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acc...

Published
May 11, 2023
Patched Release
7.2.2
Affected Versions
Versions up to 7.2.1
Next Step
Update to 7.2.2 or newer if supported.
Open CVE-2023-32239 Report Open CVE Reference