Vulmon
woocommerce vulnerabilities and exploits
6.1
CVSSv3
CVE-2023-33332
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.
Woocommerce Product Vendors Project Woocommerce Product Vendors
6.5
CVSSv3
CVE-2021-24928
The Rearrange Woocommerce Products WordPress plugin prior to 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such...
Rearrange Woocommerce Products Project Rearrange Woocommerce Products
7.2
CVSSv3
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors. This issue affects WC Vendors – WooCommerce Multi-Vendor, WooComm...
Wcvendors Woocommerce Multi-vendor, Woocommerce Marketplace, Product Vendors
9.1
CVSSv3
CVE-2022-1953
The Product Configurator for WooCommerce WordPress plugin prior to 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation...
Product Configurator For Woocommerce Project Product Configurator For Woocommerce
6.1
CVSSv3
CVE-2023-37975
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions.
Variation Swatches For Woocommerce Project Variation Swatches For Woocommerce
6.1
CVSSv3
CVE-2022-1470
The Ultimate WooCommerce CSV Importer WordPress plugin up to and including 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting
Ultimate Woocommerce Csv Importer Project Ultimate Woocommerce Csv Importer
7.5
CVSSv3
CVE-2023-3525
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated malicious users to set their payment ...
Getnet Argentina Para Woocommerce Project Getnet Argentina Para Woocommerce
5.4
CVSSv3
CVE-2021-42367
The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 2.1.1. Due to...
Variation Swatches For Woocommerce Project Variation Swatches For Woocommerce
6.5
CVSSv3
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin up to and including 2.0.4 lacks a nonce check when updating its settings, which could allow a malicious user to make a logged-in admin change them via a CSRF attack.
Yotpo Reviews For Woocommerce Project Yotpo Reviews For Woocommerce
6.1
CVSSv3
CVE-2022-46858
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions.
Product Specifications For Woocommerce Project Product Specifications For Woocommerce 0.6.0