| CVE-2024-12265 | Web3 Cryptocurrency Payments by DePay for WooCommerce <= 2.12.17 - Missing Authorization to Information Exposure | depayfi | Web3 Crypto Payments by DePay for WooCommerce | Medium | 5.3 | 2024-12-12 05:24:24 | Deep Dive |
| CVE-2024-10124 | Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation | themehunk | Vayu Blocks – Website Builder for the Block Editor | Critical | 9.8 | 2024-12-12 05:24:22 | Deep Dive |
| CVE-2024-12040 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' | wpwax | Product Carousel Slider & Grid Ultimate for WooCommerce | High | 8.8 | 2024-12-12 05:24:20 | Deep Dive |
| CVE-2024-12004 | WPC Order Notes for WooCommerce <= 1.5.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting | wpclever | WPC Order Notes for WooCommerce | Medium | 6.1 | 2024-12-11 08:57:28 | Deep Dive |
| CVE-2024-10959 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | High | 7.3 | 2024-12-10 11:09:12 | Deep Dive |
| CVE-2024-54227 | WordPress Minimum and Maximum Quantity for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability | Dotstore | Minimum and Maximum Quantity for WooCommerce | Medium | 4.3 | 2024-12-09 11:32:30 | Deep Dive |
| CVE-2023-23868 | WordPress Cost of Goods for WooCommerce plugin <= 2.8.6 - Broken Access Control vulnerability | WPFactory | Cost of Goods for WooCommerce | Medium | 5.4 | 2024-12-09 11:31:48 | Deep Dive |
| CVE-2023-25026 | WordPress PayPal Brasil para WooCommerce plugin <= 1.4.2 - Broken Access Control vulnerability | Otávio Augusto | PayPal Brasil para WooCommerce | Medium | 4.3 | 2024-12-09 11:31:39 | Deep Dive |
| CVE-2023-30479 | WordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerability | Stamped.io | Stamped.io Product Reviews & UGC for WooCommerce | Medium | 5.3 | 2024-12-09 11:31:06 | Deep Dive |
| CVE-2023-30783 | WordPress Smart WooCommerce Search plugin <= 2.5.0 - Broken Access Control | YummyWP | Smart WooCommerce Search | Medium | 4.3 | 2024-12-09 11:31:03 | Deep Dive |
| CVE-2023-32299 | WordPress Ni WooCommerce Sales Report plugin <= 3.7.3 - Broken Access Control vulnerability | Anzar Ahmed | Ni WooCommerce Sales Report | 中危 | - | 2024-12-09 11:30:55 | Deep Dive |
| CVE-2023-47694 | WordPress Mini Cart Drawer For WooCommerce plugin <= 4.0.0 - Broken Access Control vulnerability | appsbd | Mini Cart Drawer For WooCommerce | Medium | 5.4 | 2024-12-09 11:30:54 | Deep Dive |
| CVE-2023-47698 | WordPress Japanized For WooCommerce plugin <= 2.6.4 - Multiple Broken Access Control vulnerability | shohei.tanaka | Japanized For WooCommerce | 高危 | - | 2024-12-09 11:30:53 | Deep Dive |
| CVE-2023-49194 | WordPress Importify (Dropshipping WooCommerce) plugin <= 1.0.4 - Sensitive Data Exposure vulnerability | importify | Importify (Dropshipping WooCommerce) | 中危 | - | 2024-12-09 11:30:18 | Deep Dive |
| CVE-2023-49817 | WordPress Flexible Woocommerce Checkout Field Editor plugin <= 2.0.1 - Broken Access Control vulnerability | heolixfy | Flexible Woocommerce Checkout Field Editor | High | 8.2 | 2024-12-09 11:30:12 | Deep Dive |
| CVE-2023-50899 | WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX plugin <= 5.0.2 - Broken Access Control vulnerability | MultiVendorX | Product Catalog Enquiry for WooCommerce by MultiVendorX | Medium | 5.4 | 2024-12-09 11:29:54 | Deep Dive |
| CVE-2024-12257 | CardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site Scripting | cardgate | CardGate Payments for WooCommerce | Medium | 6.1 | 2024-12-07 01:45:51 | Deep Dive |
| CVE-2024-10046 | افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting | persianscript | افزونه پیامک ووکامرس Persian WooCommerce SMS | Medium | 6.1 | 2024-12-07 01:45:49 | Deep Dive |
| CVE-2024-53817 | WordPress Acowebs Product Labels For Woocommerce plugin <= 1.5.8 - SQL Injection vulnerability | acowebs | Product Labels For Woocommerce | High | 7.6 | 2024-12-06 13:05:59 | Deep Dive |
| CVE-2024-11687 | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting | martinnguyen1990 | Next-Cart Store to WooCommerce Migration | Medium | 6.1 | 2024-12-06 08:24:57 | Deep Dive |