Woocommerce

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14978 1Woocommerce 1Payu India Payment Gateway Nov 21, 2024 Aug 29, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intende...Show more /payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.Show less
CVE-2019-7441 1Woocommerce 1Paypal Checkout Payment Gateway Nov 21, 2024 Mar 21, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower...Show more cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” stateShow less
CVE-2019-9168 1Woocommerce 1Woocommerce Nov 21, 2024 Feb 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
CVE-2018-20714 1Woocommerce 1Woocommerce Nov 21, 2024 Jan 15, 2019 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not bein...Show more The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.Show less
CVE-2017-18356 1Woocommerce 1Woocommerce Nov 21, 2024 Jan 15, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a...Show more In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.Show less
CVE-2015-2329 1Woocommerce 1Woocommerce Nov 21, 2024 Feb 8, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
CVE-2016-10112 1Woocommerce 1Woocommerce May 6, 2026 Jan 4, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values i...Show more Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.Show less

Previous 1 2 34