Facebook For Woocommerce
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15841 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2019 | The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | ||
| CVE-2019-15840 | Hig | 0.57 | 8.8 | 0.01 | Aug 30, 2019 | The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | ||
| CVE-2026-49059 | Med | 0.31 | 4.7 | 0.00 | May 27, 2026 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0. | ||
| CVE-2025-64296 | Med | 0.27 | 5.3 | 0.00 | Oct 29, 2025 | Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.7. |
- risk 0.57cvss 8.8epss 0.01
The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility.
- risk 0.57cvss 8.8epss 0.01
The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF.
- risk 0.31cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
- risk 0.27cvss 5.3epss 0.00
Missing Authorization vulnerability in Facebook Facebook for WooCommerce facebook-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Facebook for WooCommerce: from n/a through <= 3.5.7.