Filtered by vendor Woocommerce
Subscribe
Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | |||||
| CVE-2023-34000 | 1 Woocommerce | 1 Stripe Payment Gateway | 2024-11-21 | N/A | 7.5 HIGH |
| Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | |||||
| CVE-2023-33318 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 9.9 CRITICAL |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | |||||
| CVE-2023-33317 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions. | |||||
| CVE-2023-33316 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | |||||
| CVE-2023-32802 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. | |||||
| CVE-2023-32801 | 1 Woocommerce | 1 Composite Products | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions. | |||||
| CVE-2023-32799 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 6.5 MEDIUM |
| Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.This issue affects Shipping Multiple Addresses: from n/a through 3.8.3. | |||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2024-11-21 | N/A | 8.2 HIGH |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | |||||
| CVE-2023-32794 | 1 Woocommerce | 1 Product Addons | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | |||||
| CVE-2023-32793 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. | |||||
| CVE-2023-32746 | 1 Woocommerce | 1 Woocommerce Brands | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions. | |||||
| CVE-2023-32745 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. | |||||
| CVE-2023-32744 | 1 Woocommerce | 1 Product Recommendations | 2024-11-21 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. | |||||
| CVE-2023-32743 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 5.7.1. | |||||
| CVE-2023-32575 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 5.9 MEDIUM |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | |||||
| CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | |||||
| CVE-2022-0775 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | |||||