Filtered by vendor Woocommerce
Total: 55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2023-11-07 | 3.5 LOW | 4.8 MEDIUM |
| The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. | |||||
| CVE-2023-33317 | 1 Woocommerce | 1 Returns And Warranty Requests | 2023-09-01 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | |||||
| CVE-2023-34004 | 1 Woocommerce | 1 Woocommerce Box Office | 2023-09-01 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. | |||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2023-08-31 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | |||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2023-08-31 | N/A | 5.4 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | |||||
| CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2023-08-31 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | |||||
| CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2023-08-31 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | |||||
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2023-08-28 | N/A | 4.8 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | |||||
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-08-09 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | |||||
| CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | |||||
| CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2023-07-26 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | |||||
| CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2023-06-28 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | |||||
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2023-06-28 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | |||||
| CVE-2023-34000 | 1 Woocommerce | 1 Stripe Payment Gateway | 2023-06-21 | N/A | 7.5 HIGH |
| Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | |||||
| CVE-2023-33316 | 1 Woocommerce | 1 Automatewoo | 2023-06-01 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | |||||
| CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2023-06-01 | N/A | 6.1 MEDIUM |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | |||||
| CVE-2021-24171 | 1 Woocommerce | 1 Upload Files | 2022-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. | |||||
| CVE-2021-24940 | 1 Woocommerce | 1 Persian-woocommerce | 2022-03-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue. | |||||
