Woocommerce CVEs and Security Vulnerabilities

Filtered by vendor Woocommerce Subscriptions

Total 98 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-37297	1 Woocommerce	1 Woocommerce	2024-11-21	5.4 Medium
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature.
CVE-2024-0626	1 Woocommerce	1 Woocommerce	2024-11-21	5.3 Medium
The WooCommerce Clover Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callback_handler function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to mark orders as paid.
CVE-2023-51497	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	5.4 Medium
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9.
CVE-2023-51496	1 Woocommerce	1 Returns And Warranty Requests	2024-11-21	5.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
CVE-2023-51495	1 Woocommerce	1 Returns And Warranty Requests	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
CVE-2023-51494	1 Woocommerce	1 Product Vendors	2024-11-21	5.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.
CVE-2023-37873	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36514	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36513	1 Woocommerce	1 Automatewoo	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVE-2023-36511	1 Woocommerce	1 Woocommerce Order Barcodes	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVE-2023-35918	1 Woocommerce	1 Bulk Stock Management	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
CVE-2023-35917	1 Woocommerce	1 Paypal Payments	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
CVE-2023-35880	1 Woocommerce	1 Brands	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
CVE-2023-34004	1 Woocommerce	1 Woocommerce Box Office	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.
CVE-2023-34003	1 Woocommerce	1 Box Office	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51.
CVE-2023-33330	1 Woocommerce	1 Automatewoo	2024-11-21	8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50.
CVE-2023-33319	1 Woocommerce	1 Automatewoo	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.
CVE-2023-33318	1 Woocommerce	1 Automatewoo	2024-11-21	9.9 Critical
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40.
CVE-2023-33317	1 Woocommerce	1 Returns And Warranty Requests	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
CVE-2023-33316	1 Woocommerce	1 Automatewoo	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.

« first previous Page 3 of 5. next last »