Automattic

Woocommerce

11 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2023-7320

  • EPSS 0.05%
  • Veröffentlicht 29.10.2025 06:45:48
  • Zuletzt bearbeitet 30.10.2025 15:03:13

The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can al...

5.9

CVE-2025-49042

  • EPSS 0.04%
  • Veröffentlicht 29.10.2025 04:50:12
  • Zuletzt bearbeitet 30.10.2025 15:05:32

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 10.0.2.

6.1

CVE-2025-5062

  • EPSS 0.23%
  • Veröffentlicht 22.05.2025 03:42:08
  • Zuletzt bearbeitet 30.09.2025 16:35:18

The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. Th...

5.9

CVE-2025-26762

  • EPSS 0.05%
  • Veröffentlicht 27.03.2025 15:52:22
  • Zuletzt bearbeitet 27.03.2025 16:45:12

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS.This issue affects WooCommerce: from n/a through 9.7.0.

5.3

CVE-2024-10486

  • EPSS 2.17%
  • Veröffentlicht 18.11.2024 22:15:05
  • Zuletzt bearbeitet 19.11.2024 21:57:32

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attacke...

5.9

CVE-2024-39666

  • EPSS 0.06%
  • Veröffentlicht 18.08.2024 14:15:06
  • Zuletzt bearbeitet 19.08.2024 12:59:59

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.

3.5

CVE-2024-35777

  • EPSS 0.27%
  • Veröffentlicht 09.07.2024 10:15:03
  • Zuletzt bearbeitet 21.11.2024 09:20:52

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.

4.9

CVE-2024-1310

Exploit
  • EPSS 0.28%
  • Veröffentlicht 15.04.2024 05:15:14
  • Zuletzt bearbeitet 27.05.2025 16:13:32

The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)

4.3

CVE-2024-22155

  • EPSS 0.23%
  • Veröffentlicht 07.04.2024 18:15:08
  • Zuletzt bearbeitet 21.11.2024 08:55:41

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.

5.4

CVE-2023-47777

Exploit
  • EPSS 0.32%
  • Veröffentlicht 30.11.2023 12:15:08
  • Zuletzt bearbeitet 21.11.2024 08:30:47

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: ...