Woocommerce@* Security Vulnerabilities and Issues — Woocommerce@* CVE List

Lucene search

AutomatticWoocommerce*

6 matches found

CVE•added 2024/04/15 5:15 a.m.•2655 views

CVE-2024-1310

The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)

4.9CVSS9.3AI score0.00228EPSS

CVE•added 2024/07/09 10:15 a.m.•97 views

CVE-2024-35777

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.

3.5CVSS4.4AI score0.00122EPSS

CVE•added 2024/08/18 2:15 p.m.•64 views

CVE-2024-39666

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.

5.9CVSS5.8AI score0.00039EPSS

CVE•added 2024/04/07 6:15 p.m.•61 views

CVE-2024-22155

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.

4.3CVSS5AI score0.00227EPSS

CVE•added 2024/01/08 7:15 p.m.•53 views

CVE-2023-52222

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.

8.8CVSS8.6AI score0.00199EPSS

CVE•added 2024/11/18 10:15 p.m.•53 views

CVE-2024-10486

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS4.9AI score0.02914EPSS