Vulnerabilities > Woocommerce > Woocommerce > 6.5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-9944 | Cross-site Scripting vulnerability in Woocommerce The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. | 6.1 |
| 2024-01-08 | CVE-2023-52222 | Unspecified vulnerability in Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | 8.8 |
| 2022-07-17 | CVE-2022-2099 | Improper Encoding or Escaping of Output vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | 4.8 |