Woocommerce Security Vulnerabilities and Issues — Woocommerce CVE List

Lucene search

AutomatticWoocommerce

2 matches found

CVE•added 2023/11/30 12:15 p.m.•96 views

CVE-2023-47777

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1.

6.5CVSS6.1AI score0.00321EPSS

CVE•added 2025/05/22 4:16 a.m.•62 views

CVE-2025-5062

The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This makes it possible for unauthenticated attacker...

6.1CVSS6.3AI score0.00184EPSS