Filtered by vendor Woocommerce
Total: 55 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2023-11-07 | 4.8 Medium |
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | ||||
CVE-2023-33317 | 1 Woocommerce | 1 Returns And Warranty Requests | 2023-09-01 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | ||||
CVE-2023-34004 | 1 Woocommerce | 1 Woocommerce Box Office | 2023-09-01 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. | ||||
CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2023-08-31 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | ||||
CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2023-08-31 | 5.4 Medium |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | ||||
CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2023-08-31 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | ||||
CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2023-08-31 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | ||||
CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2023-08-28 | 4.8 Medium |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | ||||
CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-08-09 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2023-07-27 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | ||||
CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-07-27 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | ||||
CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2023-07-27 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | ||||
CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2023-07-26 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | ||||
CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2023-06-28 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | ||||
CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2023-06-28 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | ||||
CVE-2023-34000 | 1 Woocommerce | 1 Stripe Payment Gateway | 2023-06-21 | 7.5 High |
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | ||||
CVE-2023-33316 | 1 Woocommerce | 1 Automatewoo | 2023-06-01 | 8.8 High |
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | ||||
CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2023-06-01 | 6.1 Medium |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | ||||
CVE-2021-24171 | 1 Woocommerce | 1 Upload Files | 2022-10-24 | 9.8 Critical |
The WooCommerce Upload Files WordPress plugin before 59.4 ran a single sanitization pass to remove blocked extensions such as .php. It was possible to bypass this and upload a file with a PHP extension by embedding a "blocked" extension within another "blocked" extension in the "wcuf_file_name" parameter. It was also possible to perform a double extension attack and upload files to a different location via path traversal using the "wcuf_current_upload_session_id" parameter. | ||||
CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2022-10-03 | N/A |
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. |