Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
Max Base Score: 7.1; Published: 2023-08-05; Updated: 2023-08-09; EPSS: 0.05%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
Max Base Score: 8.8; Published: 2023-07-17; Updated: 2023-07-27; EPSS: 0.06%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
Max Base Score: 8.8; Published: 2023-07-17; Updated: 2023-07-27; EPSS: 0.06%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
Max Base Score: 8.8; Published: 2023-07-17; Updated: 2023-07-27; EPSS: 0.06%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
Max Base Score: 7.1; Published: 2023-06-22; Updated: 2023-06-28; EPSS: 0.05%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Max Base Score: 8.8; Published: 2023-06-22; Updated: 2023-06-28; EPSS: 0.06%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
Max Base Score: 8.8; Published: 2023-07-17; Updated: 2023-07-26; EPSS: 0.06%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
Max Base Score: 6.5; Published: 2023-08-30; Updated: 2023-09-01; EPSS: 0.05%
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.
Max Base Score: 7.5; Published: 2023-06-14; Updated: 2023-06-21; EPSS: 0.08%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
Max Base Score: 7.1; Published: 2023-05-28; Updated: 2023-06-01; EPSS: 0.05%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
Max Base Score: 7.1; Published: 2023-08-30; Updated: 2023-09-01; EPSS: 0.05%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
Max Base Score: 8.8; Published: 2023-05-28; Updated: 2023-06-01; EPSS: 0.06%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
Max Base Score: 7.1; Published: 2023-08-30; Updated: 2023-08-31; EPSS: 0.05%
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
Max Base Score: 7.1; Published: 2023-08-30; Updated: 2023-08-31; EPSS: 0.05%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.
Max Base Score: 8.8; Published: 2023-11-09; Updated: 2023-11-15; EPSS: 0.06%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
Max Base Score: 6.5; Published: 2023-08-30; Updated: 2023-08-31; EPSS: 0.05%
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
Max Base Score: 6.5; Published: 2023-08-30; Updated: 2023-08-31; EPSS: 0.05%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.
Max Base Score: 8.8; Published: 2023-11-09; Updated: 2023-11-15; EPSS: 0.06%
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.
Max Base Score: 8.8; Published: 2023-11-09; Updated: 2023-11-15; EPSS: 0.06%
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.
Max Base Score: 5.9; Published: 2023-08-25; Updated: 2023-08-28; EPSS: 0.05%
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged-in admins email pre-order customers, change the release date, mark all pre-orders of a specific product as complete, or cancel them via CSRF attacks.
Max Base Score: 6.5; Published: 2023-07-31; Updated: 2023-08-03; EPSS: 0.05%
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack.
Max Base Score: 6.5; Published: 2023-07-31; Updated: 2023-08-03; EPSS: 0.05%
The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF checks when updating order statuses via an AJAX action available to any authenticated user, which could allow low-privilege users such as subscribers to update arbitrary order statuses, for example marking orders as paid without actually paying for them.
Max Base Score: 6.5; Published: 2023-05-15; Updated: 2023-05-23; EPSS: 0.05%
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to a lack of escaping and sanitizing in the payment gateway titles.
Max Base Score: 4.8; Published: 2022-07-17; Updated: 2023-07-04; EPSS: 0.06%
WooCommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors who already have admin access or API keys to the WooCommerce site can exploit the vulnerable endpoints `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing APIs. Read-only SQL queries can be executed using this exploit. Although data will not be returned, information can be disclosed through timing and related attacks by carefully crafting the `search` parameter. Version 3.3.6 is the earliest version of WooCommerce with a patch for this vulnerability. There are no known workarounds other than upgrading.
Max Base Score: 4.9; Published: 2021-07-26; Updated: 2021-08-04; EPSS: 0.07%
48 vulnerabilities found