| CVE-2024-11034 | Request a Quote for WooCommerce and Elementor – Get a Quote Button – Product Enquiry Form Popup – Product Quotation <= 1.4 - Unauthenticated Arbitrary Shortcode Execution via fire_contact_form | wpbean | Request a Quote for WooCommerce – Get a Quote Button | High | 7.3 | 2024-11-23 11:23:16 | Deep Dive |
| CVE-2024-10519 | Wishlist for WooCommerce: Multi Wishlists Per Customer PRO 3.0.8 - 3.1.2 - Reflected Cross-Site Scripting via wtab Parameter | karzin | Wishlist for WooCommerce: Multi Wishlists Per Customer PRO | Medium | 6.1 | 2024-11-23 09:39:11 | Deep Dive |
| CVE-2024-9635 | Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting | theafricanboss | Checkout with Cash App on WooCommerce | Medium | 6.1 | 2024-11-23 06:54:54 | Deep Dive |
| CVE-2024-11361 | PDF Invoices & Packing Slips Generator for WooCommerce <= 2.2.1 - Reflected Cross-Site Scripting | wpcodefactory | PDF Invoices & Packing Slips Generator for WooCommerce | Medium | 6.1 | 2024-11-23 04:32:23 | Deep Dive |
| CVE-2024-10813 | Product Table for WooCommerce by CodeAstrology (wooproducttable.com) <= 3.5.1 - Information Exposure | codersaiful | Product Table for WooCommerce | Medium | 5.3 | 2024-11-23 03:25:51 | Deep Dive |
| CVE-2024-11362 | Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net <= 1.112.0 - Reflected Cross-Site Scripting | peachpay | PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net, NMI) | Medium | 6.1 | 2024-11-23 03:25:50 | Deep Dive |
| CVE-2024-10792 | Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels <= 3.5.5 - Reflected Cross-Site Scripting | getwpfunnels | WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | Medium | 6.1 | 2024-11-21 09:32:50 | Deep Dive |
| CVE-2024-11370 | Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | mediaticus | Subaccounts for WooCommerce | Medium | 6.1 | 2024-11-21 02:06:26 | Deep Dive |
| CVE-2024-10365 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 4.3 | 2024-11-20 06:42:57 | Deep Dive |
| CVE-2024-10899 | WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting | wcproducttable | Product Table and List Builder for WooCommerce Lite | High | 7.3 | 2024-11-20 06:42:56 | Deep Dive |
| CVE-2024-9239 | Booster for WooCommerce <= 7.2.3 - Reflected Cross-Site Scripting | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 6.1 | 2024-11-20 06:42:56 | Deep Dive |
| CVE-2024-11400 | HUSKY – Products Filter for WooCommerce <= 1.3.6.3 - Reflected Cross-Site Scripting via really_curr_tax Parameter | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 6.1 | 2024-11-19 21:31:52 | Deep Dive |
| CVE-2024-52395 | WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability | QuantumCloud | Floating Buttons for WooCommerce | Medium | 5.3 | 2024-11-19 16:30:37 | Deep Dive |
| CVE-2024-10486 | Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File | woocommerce | Google for WooCommerce | Medium | 5.3 | 2024-11-18 21:31:09 | Deep Dive |
| CVE-2024-10614 | Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation | ivole | Customer Reviews for WooCommerce | Medium | 4.3 | 2024-11-16 05:39:34 | Deep Dive |
| CVE-2024-8873 | PeproDev WooCommerce Receipt Uploader <= 2.6.9 - Reflected Cross-Site Scripting | peprodev | PeproDev WooCommerce Receipt Uploader | Medium | 6.1 | 2024-11-16 03:20:52 | Deep Dive |
| CVE-2024-8978 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.7 | 2024-11-15 09:29:40 | Deep Dive |
| CVE-2024-8979 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | High | 8.0 | 2024-11-15 09:29:39 | Deep Dive |
| CVE-2024-8961 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-11-15 06:48:03 | Deep Dive |
| CVE-2024-9356 | Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.9 - Reflected Cross-Site Scripting | yotpo | Yotpo: Product & Photo Reviews for WooCommerce | Medium | 6.1 | 2024-11-15 05:30:56 | Deep Dive |