Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Woocommerce Paypal Payments
8.8
CVSSv3
CVE-2023-47787
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.This issue affects WooCommerce Bookings: from n/a up to and including 2.0.3.
Automattic Woocommerce Bookings
6.1
CVSSv3
CVE-2022-0818
The WooCommerce Affiliate Plugin WordPress plugin prior to 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated malicious user to inject malicious XSS payloads into the setti...
Yithemes Woocommerce Affiliate
6.1
CVSSv3
CVE-2015-10113
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The atta...
Woocommerce Wooframework Tweaks
7.5
CVSSv3
CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This issue affects GoCardless: from n/a up to and including 2.5.6.
Automattic Woocommerce Gocardless
6.1
CVSSv3
CVE-2023-30475
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.
Couponaffiliates Woocommerce Affiliate
6.1
CVSSv3
CVE-2022-46864
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions.
Woocommerce Custom Checkout Fields Editor With Drag \\& Drop Project Woocommerce Custom Checkout Fields Editor With Drag \\& Drop
6.1
CVSSv3
CVE-2023-5325
The Woocommerce Vietnam Checkout WordPress plugin prior to 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS
Levantoan Woocommerce Vietnam Checkout
4.3
CVSSv3
CVE-2021-4409
The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for unauthenticated maliciou...
Exportfeed Woocommerce Etsy Integration
6.1
CVSSv3
CVE-2023-0942
The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated ma...
Artisanworkshop Japanized For Woocommerce
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »