Woocommerce

17 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.42%
  • Published 22.05.2025 03:42:08
  • Last modified 30.09.2025 16:35:18

The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. Th...

  • EPSS 0.25%
  • Published 04.12.2024 09:15:04
  • Last modified 04.12.2024 09:15:04

The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated att...

  • EPSS 0.21%
  • Published 15.10.2024 06:15:02
  • Last modified 17.10.2024 20:47:35

The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated...

Media report
  • EPSS 0.84%
  • Published 12.06.2024 15:15:52
  • Last modified 21.11.2024 09:23:33

WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content i...

Exploit
  • EPSS 0.26%
  • Published 16.01.2024 16:15:09
  • Last modified 11.06.2025 17:15:30

The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments.

  • EPSS 0.2%
  • Published 08.01.2024 19:15:09
  • Last modified 21.11.2024 08:39:25

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2.

  • EPSS 0.06%
  • Published 25.08.2023 11:15:08
  • Last modified 21.11.2024 08:03:38

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.

Exploit
  • EPSS 0.55%
  • Published 17.07.2022 11:15:08
  • Last modified 21.11.2024 07:00:19

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

  • EPSS 2.01%
  • Published 26.07.2021 17:15:08
  • Last modified 21.11.2024 06:07:44

Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to ...

Exploit
  • EPSS 0.38%
  • Published 17.05.2021 17:15:08
  • Last modified 21.11.2024 05:52:50

When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disable...