| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-11893 | Spoki – Chat Buttons and WooCommerce Notifications <= 2.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | spoki | Spoki – Chat Buttons and WooCommerce Notifications | Medium | 6.4 | 2024-12-20 06:59:09 | Deep Dive |
| CVE-2024-54383 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability | wpweb | WooCommerce PDF Vouchers | Critical | 9.8 | 2024-12-18 18:48:53 | Deep Dive |
| CVE-2024-56008 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Arbitrary Content Deletion vulnerability | spreadr | Spreadr Woocommerce | High | 7.5 | 2024-12-18 11:38:19 | Deep Dive |
| CVE-2024-12432 | WPC Shop as a Customer for WooCommerce <= 1.2.8 - Authentication Bypass Due to Insufficiently Unique Key | wpclever | WPC Shop as a Customer for WooCommerce | High | 8.1 | 2024-12-18 03:22:01 | Deep Dive |
| CVE-2024-12395 | WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' | amitwpdeveloper | Additional Fees For WooCommerce Checkout | Medium | 6.1 | 2024-12-17 11:10:19 | Deep Dive |
| CVE-2024-12220 | SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | theafricanboss | SMS for WooCommerce | Medium | 6.1 | 2024-12-17 07:23:16 | Deep Dive |
| CVE-2024-55996 | WordPress Payment gateway per Product for WooCommerce plugin <= 3.5.6 - Broken Access Control vulnerability | dreamfox | Dreamfox Media Payment gateway per Product for Woocommerce | Medium | 6.1 | 2024-12-16 14:31:16 | Deep Dive |
| CVE-2024-55992 | WordPress WooCommerce Basic Ordernumbers plugin <= 1.4.4 - Broken Access Control vulnerability | Open Tools | WooCommerce Basic Ordernumbers | Medium | 5.4 | 2024-12-16 14:14:21 | Deep Dive |
| CVE-2024-56009 | WordPress Spreadr Woocommerce plugin <= 1.0.4 - Broken Access Control vulnerability | spreadr | Spreadr Woocommerce | Medium | 5.3 | 2024-12-16 14:14:18 | Deep Dive |
| CVE-2024-54386 | WordPress Push Monkey Pro plugin <= 3.9 - CSRF to Stored XSS vulnerability | pushmonkey | Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | High | 7.1 | 2024-12-16 14:14:08 | Deep Dive |
| CVE-2024-12448 | Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | coderpress | Posts and Products Views for WooCommerce | Medium | 6.4 | 2024-12-14 04:23:44 | Deep Dive |
| CVE-2024-12517 | WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | prontotools | WooCommerce Cart Count Shortcode | Medium | 6.4 | 2024-12-14 04:23:43 | Deep Dive |
| CVE-2024-54333 | WordPress Check Pincode For Woocommerce plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | silverplugins217 | Check Pincode For Woocommerce | High | 7.1 | 2024-12-13 14:25:35 | Deep Dive |
| CVE-2024-54328 | WordPress Invoice Payment for WooCommerce plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability | linknacional | Invoice Payment for WooCommerce | High | 7.1 | 2024-12-13 14:25:32 | Deep Dive |
| CVE-2024-54312 | WordPress افزونه پیامک ووکامرس Persian WooCommerce SMS plugin <= 7.0.5 - Reflected Cross Site Scripting (XSS) vulnerability | PersianScript | Persian Woocommerce SMS | High | 7.1 | 2024-12-13 14:25:21 | Deep Dive |
| CVE-2024-54262 | WordPress Import Export For WooCommerce plugin <= 1.6.2 - Arbitrary File Upload vulnerability | sidngr | Import Export For WooCommerce | Critical | 9.9 | 2024-12-13 14:24:43 | Deep Dive |
| CVE-2024-54240 | WordPress Blaze Online eParcel for WooCommerce plugin <= 1.3.3 - Reflected Cross Site Scripting (XSS) vulnerability | blazeonline | Blaze Online eParcel for WooCommerce | High | 7.1 | 2024-12-13 14:24:34 | Deep Dive |
| CVE-2024-54236 | WordPress Ni WooCommerce Bulk Product Editor plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | Anzar Ahmed | Ni WooCommerce Bulk Product Editor | High | 7.1 | 2024-12-13 14:24:30 | Deep Dive |
| CVE-2024-54235 | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Reflected Cross Site Scripting (XSS) vulnerability | Shiptimize | Shiptimize for WooCommerce | High | 7.1 | 2024-12-13 14:24:29 | Deep Dive |
| CVE-2024-54231 | WordPress Ni WooCommerce Order Export plugin <= 3.1.6 - Reflected Cross Site Scripting (XSS) vulnerability | Anzar Ahmed | Ni WooCommerce Order Export | High | 7.1 | 2024-12-13 14:24:28 | Deep Dive |