Vulmon
woocommerce woocommerce vulnerabilities and exploits
6.1
CVSSv3
CVE-2016-10987
The persian-woocommerce-sms plugin prior to 3.3.4 for WordPress has ps_sms_numbers XSS.
Woocommerce Persian Woocommerce Sms
8.8
CVSSv3
CVE-2023-36511
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
Woocommerce Woocommerce Order Barcodes
5.4
CVSSv3
CVE-2023-32793
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
Woocommerce Woocommerce Pre-orders
6.1
CVSSv3
CVE-2023-32802
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
Woocommerce Woocommerce Pre-orders
8.8
CVSSv3
CVE-2022-4017
The Booster for WooCommerce WordPress plugin prior to 6.0.1, Booster Plus for WooCommerce WordPress plugin prior to 6.0.1, Booster Elite for WooCommerce WordPress plugin prior to 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing mali...
Booster Booster For Woocommerce
Booster Booster Elite Woocommerce
Booster Booster Plus Woocommerce
5.4
CVSSv3
CVE-2023-47777
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a up to and including 8.1.1; WooCommerce Blocks: from n/a...
Automattic Woocommerce
Automattic Woocommerce Blocks
9.8
CVSSv3
CVE-2018-8711
A local file inclusion issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allo...
Woocommerce-filter Woocommerce Products Filter
9.8
CVSSv3
CVE-2018-8710
A remote code execution issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any aut...
Woocommerce-filter Woocommerce Products Filter
6.5
CVSSv3
CVE-2023-2179
The WooCommerce Order Status Change Notifier WordPress plugin up to and including 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arb...
Woocommerce Woocommerce Order Status Change Notifier
6.1
CVSSv3
CVE-2022-4227
The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin prior to 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Re...
Booster Booster For Woocommerce
Booster Booster Elite For Woocommerce
Booster Booster Plus For Woocommerce