Vulmon
woocommerce vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-9168
WooCommerce prior to 3.5.5 allows XSS via a Photoswipe caption.
Woocommerce Woocommerce
4.3
CVSSv3
CVE-2022-0775
The WooCommerce WordPress plugin prior to 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.
Woocommerce Woocommerce
5.3
CVSSv3
CVE-2020-29156
The WooCommerce plugin prior to 4.7.0 for WordPress allows remote malicious users to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
Woocommerce Woocommerce
1 Github repository
8.1
CVSSv3
CVE-2018-20714
The logging system of the Automattic WooCommerce plugin prior to 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate priv...
Woocommerce Woocommerce
6.1
CVSSv3
CVE-2021-24940
The Persian Woocommerce WordPress plugin up to and including 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue.
Woocommerce Persian-woocommerce
5.4
CVSSv3
CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Woocommerce Woocommerce Brands
8.8
CVSSv3
CVE-2023-36511
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
Woocommerce Woocommerce Order Barcodes
5.4
CVSSv3
CVE-2023-32793
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
Woocommerce Woocommerce Pre-orders
6.1
CVSSv3
CVE-2023-32802
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
Woocommerce Woocommerce Pre-orders
5.4
CVSSv3
CVE-2023-34004
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Woocommerce Woocommerce Box Office