Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce woocommerce vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2018-20714
The logging system of the Automattic WooCommerce plugin prior to 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate priv...
Woocommerce Woocommerce
4.3
CVSSv2
CVE-2015-2329
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.3.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via a crafted order.
Woocommerce Woocommerce
NA
CVE-2023-52222
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a up to and including 8.2.2.
Woocommerce Woocommerce
5
CVSSv2
CVE-2020-29156
The WooCommerce plugin prior to 4.7.0 for WordPress allows remote malicious users to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
Woocommerce Woocommerce
1 Github repository
4.3
CVSSv2
CVE-2021-24940
The Persian Woocommerce WordPress plugin up to and including 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue
Woocommerce Persian-woocommerce
NA
CVE-2023-32746
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Woocommerce Woocommerce Brands
NA
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow malicious users to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Woocommerce Woocommerce Pre-orders
NA
CVE-2023-34004
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Woocommerce Woocommerce Box Office
4.3
CVSSv2
CVE-2016-10987
The persian-woocommerce-sms plugin prior to 3.3.4 for WordPress has ps_sms_numbers XSS.
Woocommerce Persian Woocommerce Sms
NA
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow malicious users to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complet...
Woocommerce Woocommerce Pre-orders
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »