Vulnerabilities > Woocommerce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-12 | CVE-2024-37297 | Cross-site Scripting vulnerability in Woocommerce WooCommerce is an open-source e-commerce platform built on WordPress. | 5.4 |
| 2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | 4.3 |
| 2023-12-21 | CVE-2023-32799 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Shipping multiple Addresses Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | 6.5 |
| 2023-12-20 | CVE-2023-32743 | SQL Injection vulnerability in Woocommerce Automatewoo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1. | 4.9 |
| 2023-08-30 | CVE-2023-34004 | Cross-site Scripting vulnerability in Woocommerce BOX Office Auth. | 5.4 |
| 2023-08-30 | CVE-2023-33317 | Cross-site Scripting vulnerability in Woocommerce Returns and Warranty Requests Unauth. | 6.1 |
| 2023-08-30 | CVE-2023-32746 | Cross-site Scripting vulnerability in Woocommerce Brands 1.6.45 Auth. | 5.4 |
| 2023-08-30 | CVE-2023-32793 | Cross-site Scripting vulnerability in Woocommerce Pre-Orders 1.9.0/2.0.0 Auth. | 5.4 |
| 2023-08-30 | CVE-2023-32801 | Cross-site Scripting vulnerability in Woocommerce Composite products 8.7.5 Unauth. | 6.1 |
| 2023-08-30 | CVE-2023-32802 | Cross-site Scripting vulnerability in Woocommerce Pre-Orders 1.9.0 Unauth. | 6.1 |