woocommerce woocommerce vulnerabilities and exploits
383
VMScore
CVE-2021-24938
The WOOCS WordPress plugin prior to 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
Woocommerce Woocommerce Currency Switcher
NA
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow malicious users to make logged in admins cancel arbitrary pre-orders via a CSRF attack
Woocommerce Woocommerce Pre-orders
NA
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow malicious users to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complet...
Woocommerce Woocommerce Pre-orders
383
VMScore
CVE-2016-10987
The persian-woocommerce-sms plugin prior to 3.3.4 for WordPress has ps_sms_numbers XSS.
Woocommerce Persian Woocommerce Sms
NA
CVE-2022-4017
The Booster for WooCommerce WordPress plugin prior to 6.0.1, Booster Plus for WooCommerce WordPress plugin prior to 6.0.1, Booster Elite for WooCommerce WordPress plugin prior to 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing mali...
Booster Booster For Woocommerce
Booster Booster Elite Woocommerce
Booster Booster Plus Woocommerce
668
VMScore
CVE-2018-8710
A remote code execution issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any aut...
Woocommerce-filter Woocommerce Products Filter
668
VMScore
CVE-2018-8711
A local file inclusion issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allo...
Woocommerce-filter Woocommerce Products Filter
NA
CVE-2023-47777
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a up to and including 8.1.1; WooCommerce Blocks: from n/a...
Automattic Woocommerce
Automattic Woocommerce Blocks
NA
CVE-2023-2179
The WooCommerce Order Status Change Notifier WordPress plugin up to and including 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arb...
Woocommerce Woocommerce Order Status Change Notifier
NA
CVE-2022-4227
The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin prior to 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Re...
Booster Booster For Woocommerce
Booster Booster Elite For Woocommerce
Booster Booster Plus For Woocommerce