Vulnerabilities > Woocommerce > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-09 CVE-2023-51494 Missing Authorization vulnerability in Woocommerce Product Vendors
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.
network
low complexity
woocommerce CWE-862
critical
 9.8
9.8
2021-04-05 CVE-2021-24171 Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Upload Files
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php.
network
low complexity
woocommerce CWE-434
critical
 9.8
9.8