Vulnerabilities > Woocommerce

DATE CVE VULNERABILITY TITLE RISK
2020-08-26 CVE-2020-11497 Improper Validation of Integrity Check Value vulnerability in Woocommerce NAB Transact 2.1.0
An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress.
network
low complexity
woocommerce CWE-354
7.5
2020-07-23 CVE-2019-18834 Cross-site Scripting vulnerability in Woocommerce Subscriptions
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
network
low complexity
woocommerce CWE-79
6.1
2020-06-19 CVE-2019-20891 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
network
low complexity
woocommerce CWE-352
8.8
2019-09-17 CVE-2016-10987 Cross-site Scripting vulnerability in Woocommerce Persian Woocommerce SMS
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
network
low complexity
woocommerce CWE-79
6.1
2019-08-29 CVE-2019-14979 Improper Input Validation vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.17
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.
network
low complexity
woocommerce CWE-20
5.3
2019-08-29 CVE-2019-14978 Improper Input Validation vulnerability in Woocommerce Payu India Payment Gateway 2.1.1
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.
network
low complexity
woocommerce CWE-20
5.3
2019-03-21 CVE-2019-7441 Unspecified vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.8
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price.
network
low complexity
woocommerce
6.5
2019-02-26 CVE-2019-9168 Cross-site Scripting vulnerability in Woocommerce
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
network
low complexity
woocommerce CWE-79
6.1
2019-01-15 CVE-2018-20714 Path Traversal vulnerability in Woocommerce
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability.
network
low complexity
woocommerce CWE-22
8.1
2019-01-15 CVE-2017-18356 Code Injection vulnerability in Woocommerce
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges.
network
low complexity
woocommerce CWE-94
8.8