Filtered by vendor Woocommerce
Subscribe
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37297 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature. | |||||
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | |||||
| CVE-2023-51497 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9. | |||||
| CVE-2023-51496 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | |||||
| CVE-2023-51495 | 1 Woocommerce | 1 Returns And Warranty Requests | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7. | |||||
| CVE-2023-51494 | 1 Woocommerce | 1 Product Vendors | 2024-11-21 | N/A | 5.3 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. | |||||
| CVE-2023-3508 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 6.5 MEDIUM |
| The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks | |||||
| CVE-2023-3507 | 1 Woocommerce | 1 Woocommerce Pre-orders | 2024-11-21 | N/A | 6.5 MEDIUM |
| The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack | |||||
| CVE-2023-37873 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | |||||
| CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | |||||
| CVE-2023-35918 | 1 Woocommerce | 1 Bulk Stock Management | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | |||||
| CVE-2023-35917 | 1 Woocommerce | 1 Paypal Payments | 2024-11-21 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | |||||
| CVE-2023-35880 | 1 Woocommerce | 1 Brands | 2024-11-21 | N/A | 5.4 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. | |||||
| CVE-2023-34004 | 1 Woocommerce | 1 Woocommerce Box Office | 2024-11-21 | N/A | 6.5 MEDIUM |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions. | |||||
| CVE-2023-34003 | 1 Woocommerce | 1 Box Office | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in Woo WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a through 1.1.51. | |||||
| CVE-2023-34000 | 1 Woocommerce | 1 Stripe Payment Gateway | 2024-11-21 | N/A | 7.5 HIGH |
| Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-33319 | 1 Woocommerce | 1 Automatewoo | 2024-11-21 | N/A | 7.1 HIGH |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. | |||||