Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce woocommerce vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-20891
WooCommerce prior to 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
Woocommerce Woocommerce
445
VMScore
CVE-2020-29156
The WooCommerce plugin prior to 4.7.0 for WordPress allows remote malicious users to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
Woocommerce Woocommerce
1 Github repository
383
VMScore
CVE-2015-2329
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.3.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via a crafted order.
Woocommerce Woocommerce
312
VMScore
CVE-2022-2099
The WooCommerce WordPress plugin prior to 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
Woocommerce Woocommerce
383
VMScore
CVE-2021-24940
The Persian Woocommerce WordPress plugin up to and including 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Woocommerce Persian-woocommerce
NA
CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Woocommerce Woocommerce Brands
NA
CVE-2023-32793
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
Woocommerce Woocommerce Pre-orders
NA
CVE-2023-32802
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
Woocommerce Woocommerce Pre-orders
NA
CVE-2023-34004
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Woocommerce Woocommerce Box Office
NA
CVE-2023-36511
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
Woocommerce Woocommerce Order Barcodes
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »