Vulnerabilities > Woocommerce > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9944 | Cross-site Scripting vulnerability in Woocommerce The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. | 6.1 |
| 2024-06-14 | CVE-2023-51495 | Missing Authorization vulnerability in Woocommerce Returns and Warranty Requests Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | 6.5 |
| 2024-06-14 | CVE-2023-51496 | Missing Authorization vulnerability in Woocommerce Returns and Warranty Requests Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | 5.3 |
| 2024-06-14 | CVE-2023-51497 | Missing Authorization vulnerability in Woocommerce Shipping multiple Addresses Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | 5.4 |
| 2024-06-12 | CVE-2024-37297 | Cross-site Scripting vulnerability in Woocommerce WooCommerce is an open-source e-commerce platform built on WordPress. | 5.4 |
| 2024-06-09 | CVE-2023-34003 | Missing Authorization vulnerability in Woocommerce BOX Office Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | 5.3 |
| 2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | 4.3 |
| 2023-12-21 | CVE-2023-32799 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Shipping multiple Addresses Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | 6.5 |
| 2023-12-20 | CVE-2023-32743 | SQL Injection vulnerability in Woocommerce Automatewoo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1. | 4.9 |
| 2023-08-30 | CVE-2023-34004 | Cross-site Scripting vulnerability in Woocommerce BOX Office Auth. | 5.4 |