| CVE-2024-10046 | افزونه پیامک ووکامرس Persian WooCommerce SMS <= 7.0.5 - Reflected Cross-Site Scripting | persianscript | افزونه پیامک ووکامرس Persian WooCommerce SMS | Medium | 6.1 | 2024-12-07 01:45:49 | Deep Dive |
| CVE-2024-53817 | WordPress Acowebs Product Labels For Woocommerce plugin <= 1.5.8 - SQL Injection vulnerability | acowebs | Product Labels For Woocommerce | High | 7.6 | 2024-12-06 13:05:59 | Deep Dive |
| CVE-2024-11687 | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting | martinnguyen1990 | Next-Cart Store to WooCommerce Migration | Medium | 6.1 | 2024-12-06 08:24:57 | Deep Dive |
| CVE-2024-11276 | PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 6.1 | 2024-12-06 08:24:54 | Deep Dive |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 6.4 | 2024-12-06 05:26:14 | Deep Dive |
| CVE-2024-11324 | Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting | bastho | Accounting for WooCommerce | Medium | 6.1 | 2024-12-05 09:23:08 | Deep Dive |
| CVE-2024-11814 | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | wpcodefactory | Additional Custom Order Status for WooCommerce | Medium | 6.1 | 2024-12-04 09:24:21 | Deep Dive |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library | extendthemes | Colibri Page Builder | Medium | 6.4 | 2024-12-04 08:22:47 | Deep Dive |
| CVE-2024-10567 | TI WooCommerce Wishlist <= 2.9.1 - Missing Authorization to Unauthenticated Plugin Setup Wizard Access | templateinvaders | TI WooCommerce Wishlist | High | 7.5 | 2024-12-04 08:22:46 | Deep Dive |
| CVE-2024-11805 | Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting | soraco | Quick License Manager – WooCommerce Plugin | Medium | 6.1 | 2024-12-03 07:35:00 | Deep Dive |
| CVE-2024-52460 | WordPress AtaraPay WooCommerce Payment Gateway plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability | atarapay | AtaraPay WooCommerce Payment Gateway | High | 7.1 | 2024-12-02 13:49:05 | Deep Dive |
| CVE-2024-52469 | WordPress WooCommerce Price Alert plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability | Dhrubok Infotech Services Ltd. | WooCommerce Price Alert | High | 7.1 | 2024-12-02 13:49:00 | Deep Dive |
| CVE-2024-53740 | WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | WPSwings | WooCommerce Ultimate Gift Card | High | 7.1 | 2024-12-02 13:42:04 | Deep Dive |
| CVE-2024-53742 | WordPress Multilevel Referral Affiliate plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability | Prism I.T. Systems | Multilevel Referral Affiliate Plugin for WooCommerce | High | 7.1 | 2024-12-01 21:30:37 | Deep Dive |
| CVE-2024-53783 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability | Anzar Ahmed | Ni WooCommerce Cost Of Goods | High | 7.6 | 2024-11-30 21:03:30 | Deep Dive |
| CVE-2024-7747 | Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types | subratamal | Wallet for WooCommerce | Medium | 6.5 | 2024-11-28 12:54:10 | Deep Dive |
| CVE-2024-9170 | Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 5.5 | 2024-11-26 08:31:53 | Deep Dive |
| CVE-2024-10857 | Product Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File Read | tychesoftwares | Product Input Fields for WooCommerce | Medium | 6.5 | 2024-11-26 06:43:45 | Deep Dive |
| CVE-2024-11418 | Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting | antonbond | Additional Order Filters for WooCommerce | Medium | 6.1 | 2024-11-26 03:31:56 | Deep Dive |
| CVE-2024-10729 | Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update | Tyche Softwares | Booking & Appointment Plugin for WooCommerce | High | 8.8 | 2024-11-26 02:06:34 | Deep Dive |