Vulmon
woocommerce woocommerce vulnerabilities and exploits
5.4
CVSSv3
CVE-2019-14796
The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter.
Mq-woocommerce-products-price-bulk-edit Project Mq-woocommerce-products-price-bulk-edit 2.0
6.1
CVSSv3
CVE-2023-22710
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions.
Return And Warranty Management System For Woocommerce Project Return And Warranty Management System For Woocommerce
5.4
CVSSv3
CVE-2023-0068
The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin up to and including 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role an...
Product Gtin (ean, Upc, Isbn) For Woocommerce Project Product Gtin (ean, Upc, Isbn) For Woocommerce
8.1
CVSSv3
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin prior to 1.2.57 does not have authorisation and CSRF checks in an AJAX action, which could allow any authenticated user, such as a subscriber, to delete arbitrary options from the blog, which could make the blog unavailable.
Dpdgroup Woocommerce Shipping
4.8
CVSSv3
CVE-2022-4000
The WooCommerce Shipping WordPress plugin up to and including 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
Dpdgroup Woocommerce Shipping
6.1
CVSSv3
CVE-2022-0818
The WooCommerce Affiliate Plugin WordPress plugin prior to 4.16.4.5 does not have authorization and CSRF checks on a specific action handler and does not sanitize its settings, which enables an unauthenticated malicious user to inject malicious XSS payloads into the setti...
Yithemes Woocommerce Affiliate
9.8
CVSSv3
CVE-2023-51502
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a up to and including 7.6.1.
Automattic Woocommerce Stripe
6.1
CVSSv3
CVE-2023-30475
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.
Couponaffiliates Woocommerce Affiliate
8.8
CVSSv3
CVE-2023-47787
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a up to and including 2.0.3.
Automattic Woocommerce Bookings
8.1
CVSSv3
CVE-2023-35876
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a up to and including 3.8.1.
Automattic Woocommerce Square