Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
| --- | --- | --- | --- | --- | --- |
|  | 32 | 67 | 0 | 39.8% | CRITICAL |

Related CVEs

67
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-5062 | The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | MEDIUM | 6.1 |  | 30.8% | May 22, 2025 |
| CVE-2024-9944 | The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. | MEDIUM | 6.1 |  | 45.8% | Oct 15, 2024 |
| CVE-2023-35049 | Missing Authorization vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.4.0. | CRITICAL | 9.8 |  | 44.9% | Jun 19, 2024 |
| CVE-2023-51497 | Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | MEDIUM | 5.4 |  | 23.1% | Jun 14, 2024 |
| CVE-2023-51496 | Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | MEDIUM | 5.3 |  | 23.0% | Jun 14, 2024 |
| CVE-2023-51495 | Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | MEDIUM | 6.5 |  | 27.4% | Jun 14, 2024 |
| CVE-2024-37297 | WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature. | MEDIUM | 5.4 |  | 38.0% | Jun 12, 2024 |
| CVE-2023-34003 | Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. | MEDIUM | 5.3 |  | 26.7% | Jun 9, 2024 |
| CVE-2023-51494 | Missing Authorization vulnerability in Woo WooCommerce Product Vendors. This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. | CRITICAL | 9.8 |  | 28.4% | Jun 9, 2024 |
| CVE-2023-44999 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.0. | HIGH | 8.8 |  | 12.5% | Mar 27, 2024 |
| CVE-2024-24799 | Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2. | HIGH | 8.8 |  | 39.3% | Mar 26, 2024 |
| CVE-2024-27193 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India payu-india allows DOM-Based XSS. This issue affects PayU India: from n/a through <= 3.8.8. | MEDIUM | 6.1 |  | 27.6% | Mar 15, 2024 |
| CVE-2022-0775 | The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | MEDIUM | 4.3 |  | 47.5% | Jan 16, 2024 |
| CVE-2023-52222 | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2. | HIGH | 8.8 |  | 20.4% | Jan 8, 2024 |
| CVE-2023-32795 | Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3. | HIGH | 7.2 |  | 47.4% | Dec 28, 2023 |
| CVE-2023-32799 | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | MEDIUM | 6.5 |  | 41.6% | Dec 21, 2023 |
| CVE-2023-33318 | Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40. | HIGH | 8.8 |  | 52.4% | Dec 20, 2023 |
| CVE-2023-33330 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. | HIGH | 8.1 |  | 46.3% | Dec 20, 2023 |
| CVE-2023-32743 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1. | MEDIUM | 4.9 |  | 45.0% | Dec 20, 2023 |
| CVE-2023-32794 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | HIGH | 8.8 |  | 22.0% | Nov 9, 2023 |