WooCommerce

All CVEs

62 total · sorted by risk
  • CVE-2024-35676 · Jun 8, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through 1.7.

  • CVE-2023-4703 · Jan 16, 2024
    risk 0.00 · cvss · epss 0.01

    The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation.

  • CVE-2023-32746 · Aug 30, 2023
    risk 0.00 · cvss · epss 0.00

    Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.

  • CVE-2023-37873 · Aug 5, 2023
    risk 0.00 · cvss · epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

  • CVE-2023-36514 · Jul 17, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

  • CVE-2023-36513 · Jul 17, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

  • CVE-2023-35880 · Jul 17, 2023
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.

  • CVE-2023-34000 · Jun 14, 2023
    risk 0.00 · cvss · epss 0.01

    Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.

  • CVE-2021-32790 · Jul 26, 2021
    risk 0.00 · cvss · epss 0.01

    Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can…

  • CVE-2019-9168 · Feb 26, 2019
    risk 0.00 · cvss · epss 0.01

    WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.

  • CVE-2017-18356 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP…

  • CVE-2018-20714 · Jan 15, 2019
    risk 0.00 · cvss · epss 0.02

    The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate…

Page 2 of 2