woocommerce woocommerce vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-32744
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.
Woocommerce Product Recommendations
7.2
CVSSv3
CVE-2023-32795
Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a up to and including 6.1.3.
Woocommerce Product Addons
8.1
CVSSv3
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin prior to 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.
Dpdgroup Woocommerce Shipping
8.8
CVSSv3
CVE-2023-47787
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a up to and including 2.0.3.
Automattic Woocommerce Bookings
6.1
CVSSv3
CVE-2022-0818
The WooCommerce Affiliate Plugin WordPress plugin prior to 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated malicious user to inject malicious XSS payloads into the setti...
Yithemes Woocommerce Affiliate
6.1
CVSSv3
CVE-2023-41691
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
Pensopay Woocommerce Pensopay
4.8
CVSSv3
CVE-2022-4000
The WooCommerce Shipping WordPress plugin up to and including 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
Dpdgroup Woocommerce Shipping
7.5
CVSSv3
CVE-2023-37871
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless. This issue affects GoCardless: from n/a up to and including 2.5.6.
Automattic Woocommerce Gocardless
6.1
CVSSv3
CVE-2023-30475
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.
Couponaffiliates Woocommerce Affiliate
9.8
CVSSv3
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked"...
Woocommerce Upload Files