Product

woocommerce

42 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-5062
< 9.3.4
The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all
6.1 MEDIUM
CVE-2024-9944
< 9.1.0
The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to t
5.3 MEDIUM
CVE-2023-35049
< 7.4.1
Missing Authorization vulnerability in WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Paymen
7.5 HIGH
CVE-2023-51497
< 3.8.10
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses. This issue affects WooCommerce Ship to Multiple
5.4 MEDIUM
CVE-2023-51496
< 2.3.0
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/
5.3 MEDIUM
CVE-2023-51495
< 2.3.0
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests. This issue affects WooCommerce Warranty Requests: from n/
6.5 MEDIUM
CVE-2024-37297
>= 8.8 and < 8.8.5
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cro
5.4 MEDIUM
CVE-2023-34003
< 1.1.52
Missing Authorization vulnerability in Woo WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.1.
6.5 MEDIUM
CVE-2024-1310
< 8.6
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they s
4.9 MEDIUM
CVE-2023-44999
<= 7.6.0
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Stripe Payment Gateway. This issue affects WooCommerce S
5.4 MEDIUM
CVE-2024-24799
< 1.2.3
Missing Authorization vulnerability in WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a thro
6.5 MEDIUM
CVE-2022-0775
< 6.2.1
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow an
4.3 MEDIUM
CVE-2023-52222
<= 8.2.2
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2.
4.3 MEDIUM
CVE-2023-32799
<= 3.8.3
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses. This issue affects Shipp
6.5 MEDIUM
CVE-2023-33318
<= 4.9.40
Unrestricted Upload of File with Dangerous Type vulnerability in WooCommerce AutomateWoo. This issue affects AutomateWoo: from n/a
9.9 CRITICAL
CVE-2023-33330
< 4.9.51
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This
8.5 HIGH
CVE-2023-32743
< 5.7.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo. This
7.6 HIGH
CVE-2023-47777
<= 8.1.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Auto
6.5 MEDIUM
CVE-2023-32745
<= 5.7.1
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.
5.4 MEDIUM
CVE-2023-33317
<= 2.1.6
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.
7.1 HIGH
CVE-2023-32802
<= 1.9.0
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Pre-Orders plugin <= 1.9.0 versions.
7.1 HIGH
CVE-2023-32793
<= 2.0.0
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce Pre-Orders plugin <= 2.0.0 versio
6.5 MEDIUM
CVE-2023-32575
<= 1.3.25
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce
5.9 MEDIUM
CVE-2023-37873
<= 3.8.5
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
7.1 HIGH
CVE-2023-3508
< 2.0.3
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allo
6.5 MEDIUM
CVE-2023-3507
< 2.0.3
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow atta
6.5 MEDIUM
CVE-2023-36514
<= 3.8.5
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
6.5 MEDIUM
CVE-2023-36513
<= 5.7.5
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
5.4 MEDIUM
CVE-2023-34000
< 7.4.1
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.
7.5 HIGH
CVE-2023-33319
<= 4.9.40
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.
7.1 HIGH
CVE-2023-33316
< 4.9.50
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versio
5.4 MEDIUM
CVE-2022-2099
< 6.6.0
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the
4.8 MEDIUM
CVE-2021-32790
>= 3.3.0 and < 3.3.6
WooCommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running
4.9 MEDIUM
CVE-2021-24323
< 5.2.0
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the a
4.8 MEDIUM
CVE-2020-29156
< 4.7.0
The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id
5.3 MEDIUM
CVE-2019-20891
< 3.6.5
WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant st
8.8 HIGH
CVE-2019-9168
< 3.5.5
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
6.1 MEDIUM
CVE-2018-20714
< 3.4.6
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability.
8.1 HIGH
CVE-2017-18356
< 3.2.4
In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site wit
8.8 HIGH
CVE-2015-2329
< 2.3.6
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject ar
6.1 MEDIUM
CVE-2017-17058
<= 3.2.6
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/tem
7.5 HIGH
CVE-2016-10112
<= 2.6.8
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administ
4.8 MEDIUM