Sixteen plugins for WordPress, known as XforWooCommerce Add-On Plugins, have an issue that could allow attackers with subscriber-level permissions or higher to access, edit, or delete WordPress settings, plugin settings, and to see a list of users on the WordPress website. The plugins affected are: Product Filter for WooCommerce, Improved Product Options for WooCommerce, Improved Sale Badges for WooCommerce, Share, Print and PDF Products for WooCommerce, Product Loops for WooCommerce, XforWooCommerce, Package Quantity Discount, Price Commander for WooCommerce, Comment and Review Spam Control for WooCommerce, Add Product Tabs for WooCommerce, Autopilot SEO for WooCommerce, Floating Cart, Live Search for WooCommerce, Bulk Add to Cart for WooCommerce, Live Product Editor for WooCommerce, and Warranties and Returns for WooCommerce. All of these plugins are vulnerable to the authorization bypass issue in various versions listed.