| CVE-2024-12160 | Seraphinite Bulk Discounts for WooCommerce <= 2.4.6 - Reflected Cross-Site Scripting | seraphinitesoft | Seraphinite Bulk Discounts for WooCommerce | Medium | 6.1 | 2024-12-12 08:22:35 | Deep Dive |
| CVE-2024-11727 | NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.4 | 2024-12-12 06:46:33 | Deep Dive |
| CVE-2024-12265 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure | depayfi | Web3 Crypto Payments by DePay for WooCommerce | Medium | 5.3 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | themehunk | Vayu Blocks – Website Builder for the Block Editor | Critical | 9.8 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2024-12040 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' | wpwax | Product Carousel Slider & Grid Ultimate for WooCommerce | High | 8.8 | 2024-12-12 05:24:20 | Deep Dive |
| CVE-2024-12004 | WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wpclever | WPC Order Notes for WooCommerce | Medium | 6.1 | 2024-12-11 08:57:28 | Deep Dive |
| CVE-2024-10959 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | High | 7.3 | 2024-12-10 11:09:12 | Deep Dive |
| CVE-2024-54227 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability | Dotstore | Minimum and Maximum Quantity for WooCommerce | Medium | 4.3 | 2024-12-09 11:32:30 | Deep Dive |
| CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability | WPFactory | Cost of Goods for WooCommerce | Medium | 5.4 | 2024-12-09 11:31:48 | Deep Dive |
| CVE-2023-25026 | WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability | PayPal | PayPal Brasil para WooCommerce | Medium | 4.3 | 2024-12-09 11:31:39 | Deep Dive |
| CVE-2023-30479 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability | Stamped.io | Stamped.io Product Reviews & UGC for WooCommerce | Medium | 5.3 | 2024-12-09 11:31:06 | Deep Dive |
| CVE-2023-30783 | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control | YummyWP | Smart WooCommerce Search | Medium | 4.3 | 2024-12-09 11:31:03 | Deep Dive |
| CVE-2023-32299 | WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability | Anzar Ahmed | Ni WooCommerce Sales Report | Medium | 6.5 | 2024-12-09 11:30:55 | Deep Dive |
| CVE-2023-47694 | WordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerability | appsbd | Mini Cart Drawer For WooCommerce | Medium | 5.4 | 2024-12-09 11:30:54 | Deep Dive |
| CVE-2023-47698 | WordPress Japanized For WooCommerce plugin <= 2.6.4 - Multiple Broken Access Control vulnerability | shohei.tanaka | Japanized For WooCommerce | High | 8.6 | 2024-12-09 11:30:53 | Deep Dive |
| CVE-2023-48274 | WordPress WCMultiShipping plugin <= 2.3.5 - Broken Access Control vulnerability | Mondial Relay WooCommerce - WCMultiShipping | WCMultiShipping | Medium | 6.5 | 2024-12-09 11:30:32 | Deep Dive |
| CVE-2023-49194 | WordPress Importify (Dropshipping WooCommerce) plugin <= 1.0.4 - Sensitive Data Exposure vulnerability | importify | Importify (Dropshipping WooCommerce) | Medium | 5.3 | 2024-12-09 11:30:18 | Deep Dive |
| CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability | heoLixfy | Flexible Woocommerce Checkout Field Editor | High | 8.2 | 2024-12-09 11:30:12 | Deep Dive |
| CVE-2023-50899 | WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability | MultiVendorX | Product Catalog Enquiry for WooCommerce by MultiVendorX | Medium | 5.4 | 2024-12-09 11:29:54 | Deep Dive |
| CVE-2024-12257 | CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting | cardgate | CardGate Payments for WooCommerce | Medium | 6.1 | 2024-12-07 01:45:51 | Deep Dive |