Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | |||||
| CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2020-06-25 | 6.8 MEDIUM | 8.8 HIGH |
| WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | |||||
| CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2019-10-03 | 5.5 MEDIUM | 8.1 HIGH |
| The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | |||||