Vulnerabilities > Woocommerce > Woocommerce

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9944 Cross-site Scripting vulnerability in Woocommerce
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2.
network
low complexity
woocommerce CWE-79
6.1
2024-06-12 CVE-2024-37297 Cross-site Scripting vulnerability in Woocommerce
WooCommerce is an open-source e-commerce platform built on WordPress.
network
low complexity
woocommerce CWE-79
5.4
2024-01-16 CVE-2022-0775 Incorrect Authorization vulnerability in Woocommerce
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
network
low complexity
woocommerce CWE-863
4.3
2024-01-08 CVE-2023-52222 Unspecified vulnerability in Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
network
low complexity
woocommerce
8.8
2023-08-25 CVE-2023-32575 Unspecified vulnerability in Woocommerce
Auth.
network
low complexity
woocommerce
4.8
2022-07-17 CVE-2022-2099 Improper Encoding or Escaping of Output vulnerability in Woocommerce
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
network
low complexity
woocommerce CWE-116
4.8
2021-07-26 CVE-2021-32790 SQL Injection vulnerability in Woocommerce
Woocommerce is an open source eCommerce plugin for WordPress.
network
low complexity
woocommerce CWE-89
4.9
2021-05-17 CVE-2021-24323 Unspecified vulnerability in Woocommerce
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled
network
low complexity
woocommerce
4.8
2020-12-27 CVE-2020-29156 Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.
network
low complexity
woocommerce CWE-639
5.3
2020-06-19 CVE-2019-20891 Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.
network
low complexity
woocommerce CWE-352
8.8