Vulnerabilities > Woocommerce > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-17 | CVE-2023-35880 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Brands 1.6.49 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | 8.8 |
| 2023-06-22 | CVE-2023-35917 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Paypal Payments Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | 8.8 |
| 2023-06-14 | CVE-2023-34000 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Stripe Payment Gateway Unauth. | 7.5 |
| 2023-05-28 | CVE-2023-33316 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Automatewoo Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | 8.8 |
| 2021-04-05 | CVE-2021-24212 | Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Help Scout The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. | 7.5 |
| 2020-12-28 | CVE-2020-35627 | Unrestricted Upload of File with Dangerous Type vulnerability in Woocommerce Gift Cards 3.0.2 Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. | 7.5 |
| 2019-01-15 | CVE-2017-18356 | Code Injection vulnerability in Woocommerce In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. | 8.8 |