Vulnerabilities > Woocommerce
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-12-27 | CVE-2020-29156 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce | The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. | 5.3 |
2020-08-26 | CVE-2020-11497 | Improper Validation of Integrity Check Value vulnerability in Woocommerce NAB Transact 2.1.0 | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. | 7.5 |
2020-07-23 | CVE-2019-18834 | Cross-site Scripting vulnerability in Woocommerce Subscriptions | Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. | 6.1 |
2020-06-19 | CVE-2019-20891 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | 8.8 |
2019-09-17 | CVE-2016-10987 | Cross-site Scripting vulnerability in Woocommerce Persian Woocommerce SMS | The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 6.1 |
2019-08-29 | CVE-2019-14979 | Improper Input Validation vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.17 | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 5.3 |
2019-08-29 | CVE-2019-14978 | Improper Input Validation vulnerability in Woocommerce Payu India Payment Gateway 2.1.1 | /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. | 5.3 |
2019-03-21 | CVE-2019-7441 | Unspecified vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.8 | cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 6.5 |
2019-02-26 | CVE-2019-9168 | Cross-site Scripting vulnerability in Woocommerce | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | 6.1 |
2019-01-15 | CVE-2018-20714 | Path Traversal vulnerability in Woocommerce | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. | 8.1 |