Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
woocommerce vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-2838
The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing ...
NA
CVE-2024-3962
The Product Addons & Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ppom_upload_file function in all versions up to, and including, 32.0.18. This makes it possible for unauthenticated malicious us...
NA
CVE-2024-31266
Improper Control of Generation of Code ('Code Injection') vulnerability in AlgolPlus Advanced Order Export For WooCommerce allows Code Injection.This issue affects Advanced Order Export For WooCommerce: from n/a up to and including 3.4.4.
NA
CVE-2024-3733
The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_woo_pagination_product_a...
NA
CVE-2024-32675
Missing Authorization vulnerability in Xfinity Soft Order Limit for WooCommerce.This issue affects Order Limit for WooCommerce: from n/a up to and including 2.0.0.
NA
CVE-2024-32678
Missing Authorization vulnerability in TrackShip TrackShip for WooCommerce.This issue affects TrackShip for WooCommerce: from n/a up to and including 1.7.5.
NA
CVE-2024-32699
Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a up to and including 2.37.0.
NA
CVE-2024-32834
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebToffee WooCommerce Shipping Label allows Stored XSS.This issue affects WooCommerce Shipping Label: from n/a up to and including 2.3.8.
NA
CVE-2024-32781
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeHigh Email Customizer for WooCommerce.This issue affects Email Customizer for WooCommerce: from n/a up to and including 2.6.0.
NA
CVE-2024-32803
Server-Side Request Forgery (SSRF) vulnerability in 2day.Sk, Webikon SuperFaktura WooCommerce.This issue affects SuperFaktura WooCommerce: from n/a up to and including 1.40.3.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »