Filtered by vendor Woocommerce
Subscribe
Search
Total
14 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52222 | 1 Woocommerce | 1 Woocommerce | 2024-01-11 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. | |||||
| CVE-2023-32795 | 1 Woocommerce | 1 Product Addons | 2024-01-04 | N/A | 7.2 HIGH |
| Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3. | |||||
| CVE-2023-33318 | 1 Woocommerce | 1 Automatewoo | 2023-12-28 | N/A | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.40. | |||||
| CVE-2023-33330 | 1 Woocommerce | 1 Automatewoo | 2023-12-26 | N/A | 8.1 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.This issue affects AutomateWoo: from n/a through 4.9.50. | |||||
| CVE-2023-32744 | 1 Woocommerce | 1 Product Recommendations | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. | |||||
| CVE-2023-32794 | 1 Woocommerce | 1 Product Addons | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | |||||
| CVE-2023-32745 | 1 Woocommerce | 1 Automatewoo | 2023-11-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. | |||||
| CVE-2023-36511 | 1 Woocommerce | 1 Woocommerce Order Barcodes | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | |||||
| CVE-2023-36514 | 1 Woocommerce | 1 Shipping Multiple Addresses | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | |||||
| CVE-2023-36513 | 1 Woocommerce | 1 Automatewoo | 2023-07-27 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | |||||
| CVE-2020-35627 | 1 Woocommerce | 1 Gift Cards | 2020-12-30 | 7.5 HIGH | 8.8 HIGH |
| Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vulnerability in the Custom GiftCard Template that can remotely execute arbitrary code. Once it contains the function "Custom Gift Card Template", the function of uploading a custom image is used, changing the name of the image extension to PHP and executing PHP code on the server. | |||||
| CVE-2020-11497 | 1 Woocommerce | 1 Nab Transact | 2020-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary bank transaction ID during the payment-details entry step. | |||||
| CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2020-06-25 | 6.8 MEDIUM | 8.8 HIGH |
| WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. | |||||
| CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2019-10-03 | 5.5 MEDIUM | 8.1 HIGH |
| The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. | |||||