| CVE-2024-12218 | Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | phoeniixx | Woocommerce check pincode/zipcode for shipping | Medium | 6.1 | 2025-01-09 11:10:59 | Deep Dive |
| CVE-2024-12337 | Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids | webwirkung | Shipping via Planzer for WooCommerce | Medium | 6.1 | 2025-01-08 11:09:26 | Deep Dive |
| CVE-2024-56290 | WordPress Multiple Shipping And Billing Address For Woocommerce Plugin <= 1.2 - Unauthenticated SQL Injection vulnerability | silverplugins217 | Multiple Shipping And Billing Address For Woocommerce | Critical | 9.3 | 2025-01-07 10:49:15 | Deep Dive |
| CVE-2024-11842 | DN Shipping by Weight for WooCommerce < 1.2 - Settings Update via CSRF | Unknown | DN Shipping by Weight for WooCommerce | 中危 | - | 2024-12-27 06:00:15 | Deep Dive |
| CVE-2023-37989 | WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability | Easyship | Easyship WooCommerce Shipping Rates | Medium | 5.4 | 2024-12-13 14:23:53 | Deep Dive |
| CVE-2024-9109 | UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset | octolize | Shipping Live Rates and Access Points for UPS for WooCommerce | Medium | 4.3 | 2024-10-25 05:35:28 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-47309 | WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability | Condless | Cities Shipping Zones for WooCommerce | Medium | 6.6 | 2024-10-05 12:23:16 | Deep Dive |
| CVE-2024-9237 | Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting | wpcentrics | Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules | Medium | 6.1 | 2024-10-04 02:32:24 | Deep Dive |
| CVE-2024-6566 | Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure | aramex | Aramex Shipping WooCommerce | Medium | 5.3 | 2024-07-27 01:51:06 | Deep Dive |
| CVE-2023-51498 | WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability | Woo | WooCommerce Canada Post Shipping | Medium | 5.3 | 2024-06-11 14:37:58 | Deep Dive |
| CVE-2024-32811 | WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability | Octolize | USPS Shipping for WooCommerce – Live Rates | Medium | 5.3 | 2024-06-09 12:44:39 | Deep Dive |
| CVE-2023-51546 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability | WebToffee | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | High | 7.2 | 2024-05-17 08:44:58 | Deep Dive |
| CVE-2024-32834 | WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability | WebToffee | WooCommerce Shipping Label | Medium | 5.9 | 2024-04-24 08:27:37 | Deep Dive |
| CVE-2024-32095 | WordPress MultiParcels Shipping For WooCommerce plugin < 1.16.9 - Cross Site Request Forgery (CSRF) vulnerability | MultiParcels | MultiParcels Shipping For WooCommerce | Medium | 4.3 | 2024-04-15 08:57:05 | Deep Dive |
| CVE-2023-51499 | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability | WooCommerce | WooCommerce Shipping Per Product | Medium | 4.3 | 2024-04-12 14:37:00 | Deep Dive |
| CVE-2024-31943 | WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability | Octolize | USPS Shipping for WooCommerce – Live Rates | Medium | 4.3 | 2024-04-10 17:41:07 | Deep Dive |
| CVE-2024-31944 | WordPress WooCommerce UPS Shipping plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | Octolize | WooCommerce UPS Shipping – Live Rates and Access Points | Medium | 4.3 | 2024-04-10 17:39:55 | Deep Dive |
| CVE-2024-3216 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 5.3 | 2024-04-06 03:24:44 | Deep Dive |
| CVE-2024-29805 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.19.5 - Reflected Cross Site Scripting (XSS) vulnerability | ShopUp | Shipping with Venipak for WooCommerce | High | 7.1 | 2024-03-27 12:15:13 | Deep Dive |