Woocommerce

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-32745 1Woocommerce 1Automatewoo Apr 28, 2026 Nov 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.
CVE-2023-32744 1Woocommerce 1Product Recommendations Apr 28, 2026 Nov 9, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.
CVE-2023-34004 1Woocommerce 1Woocommerce Box Office Nov 21, 2024 Aug 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
CVE-2023-33317 1Woocommerce 1Returns And Warranty Requests Nov 21, 2024 Aug 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
CVE-2023-32802 1Woocommerce 1Woocommerce Pre Orders Nov 21, 2024 Aug 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.
CVE-2023-32801 1Woocommerce 1Composite Products Nov 21, 2024 Aug 30, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.
CVE-2023-32793 1Woocommerce 1Woocommerce Pre Orders Nov 21, 2024 Aug 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.
CVE-2023-32746 1Woocommerce 1Woocommerce Brands Nov 21, 2024 Aug 30, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.
CVE-2023-32575 1Woocommerce 1Woocommerce Nov 21, 2024 Aug 25, 2023 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.
CVE-2023-37873 1Woocommerce 1Shipping Multiple Addresses Nov 21, 2024 Aug 5, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-3508 1Woocommerce 1Woocommerce Pre Orders Apr 23, 2025 Jul 31, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date,...Show more The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacksShow less
CVE-2023-3507 1Woocommerce 1Woocommerce Pre Orders Apr 23, 2025 Jul 31, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack
CVE-2023-36514 1Woocommerce 1Shipping Multiple Addresses Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36513 1Woocommerce 1Automatewoo Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVE-2023-36511 1Woocommerce 1Woocommerce Order Barcodes Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVE-2023-35880 1Woocommerce 1Brands Nov 21, 2024 Jul 17, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
CVE-2023-35918 1Woocommerce 1Bulk Stock Management Nov 21, 2024 Jun 22, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
CVE-2023-35917 1Woocommerce 1Paypal Payments Nov 21, 2024 Jun 22, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
CVE-2023-34000 1Woocommerce 1Stripe Payment Gateway Nov 21, 2024 Jun 14, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.
CVE-2015-10115 1Woocommerce 1Sidebar Manager To Woosidebars Converter Nov 21, 2024 Jun 5, 2023 N/A· v4 6.1 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sb...Show more A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.Show less

Previous 123 4 Next