Vulmon
woocommerce woocommerce vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-36513
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
Woocommerce Automatewoo
6.1
CVSSv3
CVE-2015-10114
A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to o...
Woocommerce Woosidebars
NA
CVE-2015-2069
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.2.11 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.
Woothemes Woocommerce
8.8
CVSSv3
CVE-2017-18356
In the Automattic WooCommerce plugin prior to 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP obj...
Automattic Woocommerce
7.5
CVSSv3
CVE-2018-20782
The GloBee plugin prior to 1.1.2 for WooCommerce mishandles IPN messages.
Globee Woocommerce
1 EDB exploit
7.5
CVSSv3
CVE-2017-17058
The WooCommerce plugin up to and including 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possibl...
Automattic Woocommerce
1 EDB exploit
4.9
CVSSv3
CVE-2023-32743
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a up to and including 5.7.1.
Woocommerce Automatewoo
8.8
CVSSv3
CVE-2023-32745
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.
Woocommerce Automatewoo
8.8
CVSSv3
CVE-2023-25788
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
Saphali Woocommerce
6.1
CVSSv3
CVE-2019-18834
Persistent XSS in the WooCommerce Subscriptions plugin prior to 2.6.3 for WordPress allows remote malicious users to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
Woocommerce Subscriptions