Vulnerabilities > Woocommerce > Woocommerce > 5.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | 4.3 |
| 2024-01-08 | CVE-2023-52222 | Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | 8.8 |
| 2022-07-17 | CVE-2022-2099 | Improper Encoding or Escaping of Output vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | 4.8 |
| 2021-07-26 | CVE-2021-32790 | SQL Injection vulnerability in Woocommerce Woocommerce is an open source eCommerce plugin for WordPress. | 4.0 |
| 2021-05-17 | CVE-2021-24323 | Cross-site Scripting vulnerability in Woocommerce When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled | 3.5 |