Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33949
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vark Min and Max Purchase for WooCommerce allows Stored XSS.This issue affects Min and Max Purchase for WooCommerce: from n/a up to and including 2.0.0.
NA
CVE-2024-3728
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery & Interactive Circle widgets in all versions up to, and inc...
NA
CVE-2024-2876
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, a...
1 Github repository
NA
CVE-2024-3045
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in versions up to, and including, 3.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthentic...
NA
CVE-2024-3047
The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 3.8.0 via the transform() function. This can allow unauthenticated malicious users to make web requests to arbitrary locations ...
NA
CVE-2024-0629
The 2Checkout Payment Gateway for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the sniff_ins function in all versions up to, and including, 6.2. This makes it possible for unauthenticated malicious users ...
NA
CVE-2024-3734
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated malicious users to execute arbitrary shortcodes. The severity and exploitabi...
NA
CVE-2024-33944
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a up to and including 4.0.2.
NA
CVE-2024-4185
The Customer Email Verification for WooCommerce plugin for WordPress is vulnerable to Email Verification and Authentication Bypass in all versions up to, and including, 2.7.4 via the use of insufficiently random activation code. This makes it possible for unauthenticated maliciou...
NA
CVE-2024-33585
Missing Authorization vulnerability in Tyche Softwares Payment Gateway Based Fees and Discounts for WooCommerce.This issue affects Payment Gateway Based Fees and Discounts for WooCommerce: from n/a up to and including 2.12.1.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »