WooCommerce

Information

Software Type: Plugin
Software Slug: woocommerce
Software Status: Active
Software Author: woothemes
Software Website: woo.com
Software Downloads: 296,609,443
Software Active Installs: 5,000,000
Software Record Last Updated: March 4, 2024

Showing 1-20 of 34 Vulnerabilities

| Title | CVE ID | CVSS | Researchers | Date |
|---|---|---|---|---|
| WooCommerce < 5.5 - Authenticated Blind SQL Injection | CVE-2021-32790 | 8.8 | Josh (jl-dos) | July 13, 2021 |
| WooCommerce <= 4.0.4 - Unauthorized Post Meta Creation/Modification | | 8.8 | Slavco Mihajloski | May 5, 2020 |
| WooCommerce <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting | | 8.8 | DENNIS BRINKROLF | July 2, 2019 |
| WooCommerce <= 3.2.3 - Authenticated PHP Object Injection | CVE-2017-18356 | 8.8 | | November 16, 2017 |
| WooCommerce <= 2.3.10 - PHP Object Injection | | 7.5 | | June 10, 2015 |
| WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter | CVE-2014-6313 | 7.3 | dwxsupport | September 15, 2014 |
| WooCommerce <= 6.2.0 - Path Traversal via Tax Importer | | 7.2 | | February 22, 2022 |
| WooCommerce <= 3.6.4 - Missing File Type Validation | | 7.2 | | July 2, 2019 |
| WooCommerce <= 3.4.5 - WooCommerce File Deletion | CVE-2018-20714 | 7.2 | Simon Scannell, Karim El Ouerghemmi, Slavco Mihajloski | November 6, 2018 |
| WooCommerce <= 2.3.5 - Stored Cross-Site Scripting | CVE-2015-2329 | 7.2 | | March 13, 2015 |
| WooCommerce <= 3.4.4 - Authenticated PHP Object Injection | | 6.6 | | August 29, 2018 |
| WooCommerce < 5.7.0 & WooCommerce Admin < 2.6.4 - Information Disclosure | | 6.5 | | April 10, 2022 |
| WooCommerce <= 4.6.1 & WooCommerce Blocks <= 3.7.0 - Settings Bypass leading to Account Creation | | 6.5 | | November 5, 2020 |
| WooCommerce <= 8.1.1 & WooCommerce Blocks <= 11.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Featured Image alt Attribute | CVE-2023-47777 | 6.4 | Rafie Muhammad | November 15, 2023 |
| WooCommerce <= 2.6.3 - Stored Cross-Site Scripting via REST-API | | 6.4 | Sipke Mellema | July 26, 2016 |
| WooCommerce <= 2.6.2 - Stored Cross-Site Scripting | | 6.4 | Han Sahin | July 19, 2016 |
| WooCommerce < 8.4.0 - Reflected Cross-Site Scripting | | 6.1 | | January 12, 2024 |
| WooCommerce <= 4.2.0 - Reflected Cross-Site Scripting | | 6.1 | | June 22, 2020 |
| WooCommerce <= 3.5.4 - Stored Cross-Site Scripting | CVE-2019-9168 | 6.1 | Zhouyuan Yang | February 20, 2019 |
| WooCommerce <= 2.2.10 - Cross-Site Scripting | CVE-2015-2069 | 6.1 | | January 29, 2015 |
