Vulnerabilities > Woocommerce > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-07-17 | CVE-2023-35880 | Unspecified vulnerability in Woocommerce Brands 1.6.49 | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | network | low | woocommerce | | 8.8 |
| 2023-06-22 | CVE-2023-35917 | Unspecified vulnerability in Woocommerce Paypal Payments | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | network | low | woocommerce | | 8.8 |
| 2023-06-14 | CVE-2023-34000 | Unspecified vulnerability in Woocommerce Stripe Payment Gateway | Unauth. | network | low | woocommerce | | 7.5 |
| 2023-05-28 | CVE-2023-33316 | Unspecified vulnerability in Woocommerce Automatewoo | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | network | low | woocommerce | | 8.8 |
| 2020-12-28 | CVE-2020-35627 | Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Gift Cards 3.0.2 | Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. | network | low | woocommerce | CWE-434 | 8.8 |
| 2020-08-26 | CVE-2020-11497 | Improper Validation of Integrity Check Value vulnerability in Woocommerce NAB Transact 2.1.0 | An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. | network | low | woocommerce | CWE-354 | 7.5 |
| 2020-06-19 | CVE-2019-20891 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | network | low | woocommerce | CWE-352 | 8.8 |
| 2019-01-15 | CVE-2018-20714 | Path Traversal vulnerability in Woocommerce | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. | network | low | woocommerce | CWE-22 | 8.1 |
| 2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Woocommerce | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | network | low | woocommerce | CWE-94 | 8.8 |