woocommerce vulnerabilities and exploits
6.1
CVSSv3
CVE-2021-24938
The WOOCS WordPress plugin prior to 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.
Woocommerce Woocommerce Currency Switcher
6.5
CVSSv3
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow malicious users to make logged-in admins cancel arbitrary pre-orders via a CSRF attack.
Woocommerce Woocommerce Pre-orders
6.5
CVSSv3
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin prior to 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow malicious users to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complet...
Woocommerce Woocommerce Pre-orders
6.1
CVSSv3
CVE-2016-10987
The persian-woocommerce-sms plugin prior to 3.3.4 for WordPress has ps_sms_numbers XSS.
Woocommerce Persian Woocommerce Sms
8.8
CVSSv3
CVE-2022-4017
The Booster for WooCommerce WordPress plugin prior to 6.0.1, Booster Plus for WooCommerce WordPress plugin prior to 6.0.1, Booster Elite for WooCommerce WordPress plugin prior to 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing mali...
Booster Booster For Woocommerce
Booster Booster Elite Woocommerce
Booster Booster Plus Woocommerce
9.8
CVSSv3
CVE-2018-8710
A remote code execution issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any aut...
Woocommerce-filter Woocommerce Products Filter
9.8
CVSSv3
CVE-2018-8711
A local file inclusion issue exists in the WooCommerce Products Filter (aka WOOF) plugin prior to 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The vulnerability is due to the lack of args/input validation on render_html before allo...
Woocommerce-filter Woocommerce Products Filter
5.4
CVSSv3
CVE-2023-47777
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a up to and including 8.1.1; WooCommerce Blocks: from n/a...
Automattic Woocommerce
Automattic Woocommerce Blocks
6.5
CVSSv3
CVE-2023-2179
The WooCommerce Order Status Change Notifier WordPress plugin up to and including 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arb...
Woocommerce Woocommerce Order Status Change Notifier
6.1
CVSSv3
CVE-2022-4227
The Booster for WooCommerce WordPress plugin prior to 5.6.3, Booster Plus for WooCommerce WordPress plugin prior to 6.0.0, Booster Elite for WooCommerce WordPress plugin prior to 6.0.0 do not escape some URLs and parameters before outputting them back in attributes, leading to Re...
Booster Booster For Woocommerce
Booster Booster Elite For Woocommerce
Booster Booster Plus For Woocommerce