Vulnerabilities > Woocommerce > Woocommerce > 6.5.0

DATE CVE VULNERABILITY TITLE RISK
2024-10-15 CVE-2024-9944 Cross-site Scripting vulnerability in Woocommerce
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2.
network
low complexity
woocommerce CWE-79
6.1
2024-01-08 CVE-2023-52222 Unspecified vulnerability in Woocommerce
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
network
low complexity
woocommerce
8.8
2022-07-17 CVE-2022-2099 Improper Encoding or Escaping of Output vulnerability in Woocommerce
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
network
low complexity
woocommerce CWE-116
4.8