WooCommerce

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   WooCommerce

Information

Software Type Plugin
Software Slug woocommerce (view on wordpress.org)
Software Status Active
Software Author woothemes
Software Website woocommerce.com
Software Downloads 327,158,979
Software Active Installs 7,000,000
Software Record Last Updated July 26, 2024

Showing 1-20 of 37 Vulnerabilities

WooCommerce <= 8.9.2 - Authenticated (Shop Manager+) Content Injection
2.7
CVE-2024-35777
Jun 27, 2024
Researcher: Phill Sav (Savphill)
WooCommerce 8.8.0 - 8.9.2 - Reflected Cross-Site Scripting via Order Attribution
6.1
CVE-2024-37297
Jun 10, 2024
Researchers:
WooCommerce <= 8.5.2 - Cross-Site Request Forgery
4.3
CVE-2024-22155
Apr 5, 2024
Researcher: Dhabaleshwar Das
WooCommerce < 8.4.0 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jan 12, 2024
Researchers:
WooCommerce <= 8.2.2 - Cross-Site Request Forgery
4.3
CVE-2023-52222
Jan 5, 2024
Researcher: Rafie Muhammad
WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute
6.4
CVE-2023-47777
Nov 15, 2023
Researcher: Rafie Muhammad
WooCommerce <= 7.8.2 - Sensitive Information Exposure
5.3
CVE ID Unknown
Sep 11, 2023
Researcher: osama-hamad
WooCommerce <= 7.0.0 - Authenticated(Shop Manager+) Sensitive Information Exposure
4.9
CVE ID Unknown
Sep 11, 2023
Researcher: David Anderson
WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection
5.5
CVE-2022-2099
Jun 20, 2022
Researcher: Taurus Omar
WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure
6.5
CVE ID Unknown
Apr 10, 2022
Researchers:
WooCommerce < 6.3.1 - Unauthorized Order Status Change
4.3
CVE ID Unknown
Mar 10, 2022
Researchers:
WooCommerce <= 6.2.0 - Incorrect Authorization Checks on REST API Endpoints
5.4
CVE-2022-0775
Feb 22, 2022
Researcher: Krzysztof Zając
WooCommerce <= 6.2.0 - Path Traversal via Tax Importer
7.2
CVE ID Unknown
Feb 22, 2022
Researchers:
WooCommerce < 5.5 - Authenticated Blind SQL Injection
8.8
CVE-2021-32790
Jul 13, 2021
Researcher: Josh (jl-dos)
WooCommerce <= 5.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting
4.8
CVE-2021-24323
Apr 21, 2021
Researcher: RE-ALTER
WooCommerce <= 4.6.1 & WooCommerce Blocks <= 3.7.0 - Settings Bypass leading to Account Creation
6.5
CVE ID Unknown
Nov 5, 2020
Researchers:
WooCommerce <= 4.2.0 - Reflected Cross-Site Scripting
6.1
CVE ID Unknown
Jun 22, 2020
Researchers:
WooCommerce <= 4.0.4 - Unauthorized Post Meta Creation/Modification
8.8
CVE ID Unknown
May 5, 2020
Researcher: Slavco Mihajloski
WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter
5.3
CVE-2020-29156
Jan 21, 2020
Researcher: Ko-kn3t
WooCommerce <= 3.6.4 - Missing File Type Validation
7.2
CVE ID Unknown
Jul 2, 2019
Researchers:
Title Status CVE ID CVSS Researchers Date
WooCommerce <= 8.9.2 - Authenticated (Shop Manager+) Content Injection Patched CVE-2024-35777 2.7 Phill Sav (Savphill) June 27, 2024
WooCommerce 8.8.0 - 8.9.2 - Reflected Cross-Site Scripting via Order Attribution Patched CVE-2024-37297 6.1 June 10, 2024
WooCommerce <= 8.5.2 - Cross-Site Request Forgery Patched CVE-2024-22155 4.3 Dhabaleshwar Das April 5, 2024
WooCommerce < 8.4.0 - Reflected Cross-Site Scripting Patched 6.1 January 12, 2024
WooCommerce <= 8.2.2 - Cross-Site Request Forgery Patched CVE-2023-52222 4.3 Rafie Muhammad January 5, 2024
WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute Patched CVE-2023-47777 6.4 Rafie Muhammad November 15, 2023
WooCommerce <= 7.8.2 - Sensitive Information Exposure Patched 5.3 osama-hamad September 11, 2023
WooCommerce <= 7.0.0 - Authenticated(Shop Manager+) Sensitive Information Exposure Patched 4.9 David Anderson September 11, 2023
WooCommerce <= 6.5.1 - Authenticated (Admin+) HTML Injection Patched CVE-2022-2099 5.5 Taurus Omar June 20, 2022
WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure Patched 6.5 April 10, 2022
WooCommerce < 6.3.1 - Unauthorized Order Status Change Patched 4.3 March 10, 2022
WooCommerce <= 6.2.0 - Incorrect Authorization Checks on REST API Endpoints Patched CVE-2022-0775 5.4 Krzysztof Zając February 22, 2022
WooCommerce <= 6.2.0 - Path Traversal via Tax Importer Patched 7.2 February 22, 2022
WooCommerce < 5.5 - Authenticated Blind SQL Injection Patched CVE-2021-32790 8.8 Josh (jl-dos) July 13, 2021
WooCommerce <= 5.1.3 - Authenticated (Admin+) Stored Cross-Site Scripting Patched CVE-2021-24323 4.8 RE-ALTER April 21, 2021
WooCommerce <= 4.6.1 & WooCommerce Blocks <= 3.7.0 - Settings Bypass leading to Account Creation Patched 6.5 November 5, 2020
WooCommerce <= 4.2.0 - Reflected Cross-Site Scripting Patched 6.1 June 22, 2020
WooCommerce <= 4.0.4 - Unauthorized Post Meta Creation/Modification Patched 8.8 Slavco Mihajloski May 5, 2020
WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter Patched CVE-2020-29156 5.3 Ko-kn3t January 21, 2020
WooCommerce <= 3.6.4 - Missing File Type Validation Patched 7.2 July 2, 2019

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation