WooCommerce
All CVEs
62 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35676 | | | 0.00 | — | 0.00 | | Jun 8, 2024 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS. This issue affects Recurring PayPal Donations: from n/a through 1.7. |
| CVE-2023-4703 | | | 0.00 | — | 0.01 | | Jan 16, 2024 | The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation. |
| CVE-2023-32746 | | | 0.00 | — | 0.00 | | Aug 30, 2023 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. |
| CVE-2023-37873 | | | 0.00 | — | 0.00 | | Aug 5, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. |
| CVE-2023-36514 | | | 0.00 | — | 0.00 | | Jul 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. |
| CVE-2023-36513 | | | 0.00 | — | 0.00 | | Jul 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. |
| CVE-2023-35880 | | | 0.00 | — | 0.00 | | Jul 17, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. |
| CVE-2023-34000 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. |
| CVE-2021-32790 | | | 0.00 | — | 0.01 | | Jul 26, 2021 | Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can… |
| CVE-2019-9168 | | | 0.00 | — | 0.01 | | Feb 26, 2019 | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. |
| CVE-2017-18356 | | | 0.00 | — | 0.02 | | Jan 15, 2019 | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP… |
| CVE-2018-20714 | | | 0.00 | — | 0.02 | | Jan 15, 2019 | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate… |