Vulnerabilities > Woocommerce

DATE CVE VULNERABILITY TITLE RISK
2024-01-16 CVE-2022-0775 Incorrect Authorization vulnerability in Woocommerce
The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.
network
low complexity
woocommerce CWE-863
4.3
2024-01-08 CVE-2023-52222 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2.
network
low complexity
woocommerce CWE-352
8.8
2023-12-28 CVE-2023-32795 Deserialization of Untrusted Data vulnerability in Woocommerce Product Addons
Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3.
network
low complexity
woocommerce CWE-502
7.2
2023-12-21 CVE-2023-32799 Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Shipping multiple Addresses
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipping Multiple Addresses: from n/a through 3.8.3.
network
low complexity
woocommerce CWE-639
6.5
2023-12-20 CVE-2023-33318 Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Automatewoo
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.40.
network
low complexity
woocommerce CWE-434
8.8
2023-12-20 CVE-2023-32743 SQL Injection vulnerability in Woocommerce Automatewoo
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 5.7.1.
network
low complexity
woocommerce CWE-89
4.9
2023-12-20 CVE-2023-33330 SQL Injection vulnerability in Woocommerce Automatewoo
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50.
network
low complexity
woocommerce CWE-89
8.1
2023-11-09 CVE-2023-32744 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Product Recommendations
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.
network
low complexity
woocommerce CWE-352
8.8
2023-11-09 CVE-2023-32745 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Automatewoo
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.
network
low complexity
woocommerce CWE-352
8.8
2023-11-09 CVE-2023-32794 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Product Addons
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.
network
low complexity
woocommerce CWE-352
8.8