Vulmon
woocommerce vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-46858
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions.
Product Specifications For Woocommerce Project Product Specifications For Woocommerce 0.6.0
9.8
CVSSv3
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin prior to 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections
Ubigeo De Peru Para Woocommerce Project Ubigeo De Peru Para Woocommerce
8.8
CVSSv3
CVE-2022-30998
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress.
Homepage Product Organizer For Woocommerce Project Homepage Product Organizer For Woocommerce
8.8
CVSSv3
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Waitlist Woocommerce
Xootix Side Cart Woocommerce
Xootix Login/signup Popup
6.1
CVSSv3
CVE-2021-42363
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.6.8.
Preview E-mails For Woocommerce Project Preview E-mails For Woocommerce
8.8
CVSSv3
CVE-2021-24846
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin prior to 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL inj...
Ni Woocommerce Custom Order Status Project Ni Woocommerce Custom Order Status
8.8
CVSSv3
CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin prior to 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such ...
Woocommerce Multiple Customer Addresses & Shipping Project Woocommerce Multiple Customer Addresses & Shipping
4.8
CVSSv3
CVE-2023-45072
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.
Order Auto Complete For Woocommerce Project Order Auto Complete For Woocommerce
6.1
CVSSv3
CVE-2022-4329
The Product list Widget for Woocommerce WordPress plugin up to and including 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (s...
Product List Widget For Woocommerce Project Product List Widget For Woocommerce
NA
CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin prior to 0.1.6.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
Woocommerce Sagepay Direct Payment Gateway Project Woocommerce Sagepay Direct Payment Gateway