Vulmon
woocommerce vulnerabilities and exploits
8.1
CVSSv3
CVE-2023-33330
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a up to and including 4.9.50.
Woocommerce Automatewoo
8.8
CVSSv3
CVE-2023-35880
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
Woocommerce Brands
8.8
CVSSv3
CVE-2023-25788
Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.
Saphali Woocommerce
6.1
CVSSv3
CVE-2019-18834
Persistent XSS in the WooCommerce Subscriptions plugin prior to 2.6.3 for WordPress allows remote malicious users to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
Woocommerce Subscriptions
8.8
CVSSv3
CVE-2023-36513
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
Woocommerce Automatewoo
NA
CVE-2015-2069
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin prior to 2.2.11 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.
Woothemes Woocommerce
6.1
CVSSv3
CVE-2015-10114
A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to o...
Woocommerce Woosidebars
7.5
CVSSv3
CVE-2017-17058
The WooCommerce plugin up to and including 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possibl...
Automattic Woocommerce
1 EDB exploit
7.5
CVSSv3
CVE-2018-20782
The GloBee plugin prior to 1.1.2 for WooCommerce mishandles IPN messages.
Globee Woocommerce
1 EDB exploit
8.8
CVSSv3
CVE-2017-18356
In the Automattic WooCommerce plugin prior to 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP obj...
Automattic Woocommerce