Filtered by vendor Woocommerce
Total: 70 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2024-11-20 | 8.5 High |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a through 4.9.50. | ||||
CVE-2024-10820 | 2 Vanquish, Woocommerce | 2 Woocommerce Upload Files, Upload Files | 2024-11-19 | 9.8 Critical |
The WooCommerce Upload Files plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 84.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
CVE-2019-14979 | 1 Woocommerce | 1 Paypal Checkout Payment Gateway | 2024-11-15 | N/A |
cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state. | ||||
CVE-2022-0775 | 1 Woocommerce | 1 Woocommerce | 2024-11-13 | 4.3 Medium |
The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments. | ||||
CVE-2024-43219 | 1 Woocommerce | 1 Persian-woocommerce | 2024-11-05 | 5.3 Medium |
Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Persian WooCommerce: from n/a through 7.1.6. | ||||
CVE-2023-51494 | 1 Woocommerce | 1 Product Vendors | 2024-11-05 | 5.3 Medium |
Missing Authorization vulnerability in Woo WooCommerce Product Vendors. This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. | ||||
CVE-2023-33316 | 1 Woocommerce | 1 Automatewoo | 2024-11-01 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | ||||
CVE-2024-47634 | 2 Majas-lapu-izstrade, Woocommerce | 2 Cartbounty, Streamline.lv | 2024-10-22 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Streamline.Lv CartBounty – Save and recover abandoned carts for WooCommerce allows Cross Site Request Forgery. This issue affects CartBounty – Save and recover abandoned carts for WooCommerce: from n/a through 8.2. | ||||
CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2024-10-17 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | ||||
CVE-2024-9944 | 2 Woocommerce, Woothemes | 2 Woocommerce, Woocommerce | 2024-10-17 | 5.3 Medium |
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. | ||||
CVE-2017-18356 | 1 Woocommerce | 1 Woocommerce | 2024-10-17 | N/A |
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes. | ||||
CVE-2020-36841 | 1 Woocommerce | 1 Woocommerce Smart Coupons | 2024-10-16 | 5.3 Medium |
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront. | ||||
CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-10-11 | 6.5 Medium |
Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.51. | ||||
CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2024-10-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | ||||
CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2024-10-10 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | ||||
CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2024-09-30 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | ||||
CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2024-09-30 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | ||||
CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2024-09-30 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | ||||
CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-09-30 | 6.5 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-09-25 | 7.1 High |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. |