Filtered by vendor Woocommerce
Subscriptions
Total
70 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2024-09-24 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | ||||
| CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2024-09-24 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | ||||
| CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-09-24 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | ||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-09-24 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | ||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2024-09-24 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | ||||
| CVE-2023-33317 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-09-24 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | ||||
| CVE-2023-34004 | 1 Woocommerce | 1 Woocommerce Box Office | 2024-09-24 | 6.5 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. | ||||
| CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2024-09-17 | N/A |
| WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. | ||||
| CVE-2023-32794 | 1 Woocommerce | 1 Product Addons | 2024-09-03 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | ||||
| CVE-2023-32745 | 1 Woocommerce | 1 Automatewoo | 2024-09-03 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. | ||||
| CVE-2023-32744 | 1 Woocommerce | 1 Product Recommendations | 2024-09-03 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. | ||||
| CVE-2024-2843 | 1 Woocommerce | 1 Woocommerce Customers Manager | 2024-08-07 | 6.5 Medium |
| The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks | ||||
| CVE-2023-51497 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-08-07 | 5.4 Medium |
| Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | ||||
| CVE-2023-51496 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-08-07 | 5.3 Medium |
| Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | ||||
| CVE-2023-51495 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-08-07 | 6.5 Medium |
| Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | ||||
| CVE-2015-10104 | 1 Woocommerce | 1 Icons For Features | 2024-08-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | ||||
| CVE-2015-10115 | 1 Woocommerce | 1 Sidebar Manager To Woosidebars Converter | 2024-08-06 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655. | ||||
| CVE-2015-10113 | 1 Woocommerce | 1 Wooframework Tweaks | 2024-08-06 | 3.5 Low |
| A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability. | ||||
| CVE-2015-10114 | 1 Woocommerce | 1 Woosidebars | 2024-08-06 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in WooSidebars Plugin up to 1.4.1 on WordPress. Affected by this issue is the function enable_custom_post_sidebars of the file classes/class-woo-sidebars.php. The manipulation of the argument sendback leads to open redirect. The attack may be launched remotely. Upgrading to version 1.4.2 is able to address this issue. The patch is identified as 1ac6d6ac26e185673f95fc1ccc56a392169ba601. It is recommended to upgrade the affected component. VDB-230654 is the identifier assigned to this vulnerability. | ||||
| CVE-2015-10112 | 1 Woocommerce | 1 Wooframework Branding | 2024-08-06 | 4.3 Medium |
| A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652. | ||||