VYPR

WooCommerce

by WordPress

CVEs (31)

  • CVE-2022-0775 | Med | Jan 16, 2024
    risk 0.21 | cvss 4.3 | epss 0.01

    The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.

  • CVE-2024-35777 | Low | Jul 9, 2024
    risk 0.16 | cvss 3.5 | epss 0.00

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing. This issue affects WooCommerce: from n/a through 8.9.2.

  • CVE-2022-50972 | Jun 20, 2026
    risk 0.00 | cvss | epss 0.01

    WooCommerce 7.1.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary PHP code by injecting shell commands through the product-type parameter. Attackers can send requests to the class-wc-meta-box-product-images.php endpoint with unsanitized…

  • CVE-2025-5062 | May 22, 2025
    risk 0.00 | cvss | epss 0.00

    The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for…

  • CVE-2024-13792 | Feb 20, 2025
    risk 0.00 | cvss | epss 0.01

    The WooCommerce Food - Restaurant Menu & Food ordering plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.2. This is due to the software allowing users to execute an action that does not properly validate a value before…

  • CVE-2024-13694 | Jan 30, 2025
    risk 0.00 | cvss | epss 0.01

    The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the download_pdf_file() function due to missing validation on a…

  • CVE-2024-10711 | Nov 5, 2024
    risk 0.00 | cvss | epss 0.00

    The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to…

  • CVE-2024-9944 | Oct 15, 2024
    risk 0.00 | cvss | epss 0.01

    The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject…

  • CVE-2024-1310 | Apr 15, 2024
    risk 0.00 | cvss | epss 0.01

    The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to (e.g. private, draft and trashed products).

  • CVE-2015-2069 | Feb 24, 2015
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.

  • CVE-2014-6313 | Oct 14, 2014
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php.

Page 2 of 2