woocommerce vulnerabilities and exploits
NA
CVE-2023-33332
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.
Woocommerce Product Vendors Project Woocommerce Product Vendors
356
VMScore
CVE-2021-24928
The Rearrange Woocommerce Products WordPress plugin prior to 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such...
Rearrange Woocommerce Products Project Rearrange Woocommerce Products
NA
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooComm...
Wcvendors Woocommerce Multi-vendor, Woocommerce Marketplace, Product Vendors
NA
CVE-2023-3525
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated malicious users to set their payment ...
Getnet Argentina Para Woocommerce Project Getnet Argentina Para Woocommerce
570
VMScore
CVE-2022-1953
The Product Configurator for WooCommerce WordPress plugin prior to 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation...
Product Configurator For Woocommerce Project Product Configurator For Woocommerce
383
VMScore
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
NA
CVE-2023-37975
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.
Variation Swatches For Woocommerce Project Variation Swatches For Woocommerce
NA
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin up to and including 2.0.4 lacks a nonce check when updating its settings, which could allow a malicious user to make a logged-in admin change them via a CSRF attack.
Yotpo Reviews For Woocommerce Project Yotpo Reviews For Woocommerce
1 Github repository
312
VMScore
CVE-2021-42367
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to...
Variation Swatches For Woocommerce Project Variation Swatches For Woocommerce
NA
CVE-2024-35726
Missing Authorization vulnerability in ThemeKraft WooBuddy. This issue affects WooBuddy: from n/a up to and including 3.4.19.
Themekraft Buddypress Woocommerce My Account Integration. Create Woocommerce Member Pages