woocommerce woocommerce vulnerabilities and exploits
NA
CVE-2023-35914
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a up to and including 5.1.2.
Automattic Woocommerce Subscriptions
NA
CVE-2023-32801
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
Woocommerce Composite Products
NA
CVE-2015-10113
A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The atta...
Woocommerce Wooframework Tweaks
383
VMScore
CVE-2022-0818
The WooCommerce Affiliate Plugin WordPress plugin prior to 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated malicious user to inject malicious XSS payloads into the setti...
Yithemes Woocommerce Affiliate
668
VMScore
CVE-2021-24171
The WooCommerce Upload Files WordPress plugin prior to 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked"...
Woocommerce Upload Files
NA
CVE-2022-3999
The DPD Baltic Shipping WordPress plugin prior to 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog unavailable.
Dpdgroup Woocommerce Shipping
NA
CVE-2022-4000
The WooCommerce Shipping WordPress plugin up to and including 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ...
Dpdgroup Woocommerce Shipping
NA
CVE-2022-3481
The WooCommerce Dropshipping WordPress plugin prior to 4.4 does not properly sanitise and escape a parameter before using it in a SQL statement via a REST endpoint available to unauthenticated users, leading to a SQL injection.
Opmc Woocommerce Dropshipping
NA
CVE-2023-32747
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a up to and including 1.15.78.
Automattic Woocommerce Bookings
NA
CVE-2023-32795
Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a up to and including 6.1.3.
Woocommerce Product Addons