Vulmon
woocommerce woocommerce vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-24846
The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin prior to 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL inj...
Ni Woocommerce Custom Order Status Project Ni Woocommerce Custom Order Status
4.3
CVSSv2
CVE-2014-4549
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin prior to 0.1.6.7 for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter.
Woocommerce Sagepay Direct Payment Gateway Project Woocommerce Sagepay Direct Payment Gateway
NA
CVE-2022-4329
The Product list Widget for Woocommerce WordPress plugin up to and including 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against both unauthenticated and authenticated users (s...
Product List Widget For Woocommerce Project Product List Widget For Woocommerce
NA
CVE-2023-0865
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin prior to 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belongs to the user making the request, or is from a high privilege user, allowing any authenticated users, such ...
Woocommerce Multiple Customer Addresses & Shipping Project Woocommerce Multiple Customer Addresses & Shipping
NA
CVE-2022-30998
Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 for WordPress.
Homepage Product Organizer For Woocommerce Project Homepage Product Organizer For Woocommerce
6.8
CVSSv2
CVE-2022-0215
The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ), and Side Cart Woocommerce (Ajax) WordPress plugins by XootiX are vulnerable to Cross-Site Request Forgery via the save_settings function found in the ~/includes/xoo-framework/admin/class-xoo-admin-settings.p...
Xootix Waitlist Woocommerce
Xootix Side Cart Woocommerce
Xootix Login/signup Popup
7.5
CVSSv2
CVE-2022-0814
The Ubigeo de Perú para Woocommerce WordPress plugin prior to 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.
Ubigeo De Peru Para Woocommerce Project Ubigeo De Peru Para Woocommerce
NA
CVE-2023-45072
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kardi Order auto complete for WooCommerce plugin <= 1.2.0 versions.
Order Auto Complete For Woocommerce Project Order Auto Complete For Woocommerce
4.3
CVSSv2
CVE-2021-42363
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.6.8.
Preview E-mails For Woocommerce Project Preview E-mails For Woocommerce
NA
CVE-2022-4888
The Checkout Fields Manager WordPress plugin prior to 1.0.2, Abandoned Cart Recovery WordPress plugin prior to 1.2.5, Custom Fields for WooCommerce WordPress plugin prior to 1.0.4, Custom Order Number WordPress plugin up to and including 1.0.1, Custom Registration Forms Builder W...
Addify Order Tracking For Woocommerce
Addify Order Approval For Woocommerce
Addify Image Watermark For Woocommerce
Addify Gift Registry For Woocommerce
Addify Advanced Free Gifts
Addify Custom Registration Forms Builder
Addify Custom Order Number
Addify Custom Fields For Woocommerce
Addify Abandoned Cart Recovery
Addify Checkout Fields Manager