Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce woocommerce vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
Woocommerce Woocommerce
4.8
CVSSv3
CVE-2022-2099
The WooCommerce WordPress plugin prior to 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
Woocommerce Woocommerce
4.8
CVSSv3
CVE-2016-10112
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
Woocommerce Woocommerce
5.3
CVSSv3
CVE-2020-29156
The WooCommerce plugin prior to 4.7.0 for WordPress allows remote malicious users to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
Woocommerce Woocommerce
1 Github repository
6.1
CVSSv3
CVE-2021-24940
The Persian Woocommerce WordPress plugin up to and including 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Woocommerce Persian-woocommerce
5.4
CVSSv3
CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Woocommerce Woocommerce Brands
6.1
CVSSv3
CVE-2021-24938
The WOOCS WordPress plugin prior to 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected cross-Site Scripting issue
Woocommerce Woocommerce Currency Switcher
6.5
CVSSv3
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow malicious users to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Woocommerce Woocommerce Pre-orders
6.5
CVSSv3
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow malicious users to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complet...
Woocommerce Woocommerce Pre-orders
5.4
CVSSv3
CVE-2023-34004
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Woocommerce Woocommerce Box Office
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »