Vulnerabilities > Woocommerce > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-26 | CVE-2021-32790 | SQL Injection vulnerability in Woocommerce. Woocommerce is an open source eCommerce plugin for WordPress. | 4.9 |
2021-05-17 | CVE-2021-24323 | Cross-site Scripting vulnerability in Woocommerce. When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled. | 4.8 |
2020-12-27 | CVE-2020-29156 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce. The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. | 5.3 |
2020-07-23 | CVE-2019-18834 | Cross-site Scripting vulnerability in Woocommerce Subscriptions. Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php. | 6.1 |
2019-09-17 | CVE-2016-10987 | Cross-site Scripting vulnerability in Woocommerce Persian Woocommerce SMS. The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | 6.1 |
2019-08-29 | CVE-2019-14979 | Improper Input Validation vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.17. cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 5.3 |
2019-08-29 | CVE-2019-14978 | Improper Input Validation vulnerability in Woocommerce Payu India Payment Gateway 2.1.1. /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. | 5.3 |
2019-03-21 | CVE-2019-7441 | Unspecified vulnerability in Woocommerce Paypal Checkout Payment Gateway 1.6.8. cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. | 6.5 |
2019-02-26 | CVE-2019-9168 | Cross-site Scripting vulnerability in Woocommerce. WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | 6.1 |
2018-02-08 | CVE-2015-2329 | Cross-site Scripting vulnerability in Woocommerce. Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | 6.1 |