Vulnerabilities > Woocommerce > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2023-51494 Missing Authorization vulnerability in Woocommerce Product Vendors
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.
network
low complexity
woocommerce CWE-862
critical
 9.8
9.8
2021-04-05 CVE-2021-24212 Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Help Scout
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
network
low complexity
woocommerce CWE-434
critical
 9.8
9.8