| CVE-2024-49651 | WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | Matt Royal | WooCommerce Maintenance Mode | High | 7.1 | 2024-10-29 11:59:23 | Deep Dive |
| CVE-2024-10233 | SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 6.4 | 2024-10-29 11:01:36 | Deep Dive |
| CVE-2024-10436 | WPC Smart Messages for WooCommerce <= 4.2.1 - Authenticated (Subscriber+) Local File Inclusion | wpclever | WPC Smart Messages for WooCommerce | High | 8.8 | 2024-10-29 09:31:30 | Deep Dive |
| CVE-2024-10437 | WPC Smart Messages for WooCommerce <= 4.2.1 - Missing Authorization to Authenticated (Subscriber+) Message Activation/Deactivation | wpclever | WPC Smart Messages for WooCommerce | Medium | 4.3 | 2024-10-29 09:31:30 | Deep Dive |
| CVE-2024-50482 | WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerability | Chetan Khandla | Woocommerce Product Design | Critical | 10.0 | 2024-10-29 07:57:37 | Deep Dive |
| CVE-2024-50494 | WordPress Sudan Payment Gateway for WooCommerce plugin <= 1.2.2 - Arbitrary File Upload vulnerability | Amin Omer | Sudan Payment Gateway for WooCommerce | Critical | 10.0 | 2024-10-29 07:53:53 | Deep Dive |
| CVE-2024-50447 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.19 - Cross Site Scripting (XSS) vulnerability | EnvoThemes | Envo's Elementor Templates & Widgets for WooCommerce | Medium | 6.5 | 2024-10-28 17:57:27 | Deep Dive |
| CVE-2024-50448 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH WooCommerce Product Add-Ons | High | 7.1 | 2024-10-28 17:56:19 | Deep Dive |
| CVE-2024-50479 | WordPress Woocommerce Quote Calculator plugin <= 1.1 - SQL Injection vulnerability | chenyenming | Woocommerce Quote Calculator | Critical | 9.3 | 2024-10-28 12:39:48 | Deep Dive |
| CVE-2024-50416 | WordPress WPC Shop as a Customer for WooCommerce plugin <= 1.2.6 - PHP Object Injection vulnerability | WPClever | WPC Shop as a Customer for WooCommerce | High | 8.8 | 2024-10-28 11:30:58 | Deep Dive |
| CVE-2024-9109 | UPS Live Rates and Access Points <= 2.3.12 - Missing Authorization to Plugin API key reset | octolize | Shipping Live Rates and Access Points for UPS for WooCommerce | Medium | 4.3 | 2024-10-25 05:35:28 | Deep Dive |
| CVE-2024-9214 | Extra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site Scripting | edgarrojas | Extra Product Options Builder for WooCommerce | Medium | 6.1 | 2024-10-24 11:03:16 | Deep Dive |
| CVE-2024-8667 | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication | nlemsieh | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce | Medium | 4.3 | 2024-10-24 07:35:57 | Deep Dive |
| CVE-2024-9943 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Medium | 6.3 | 2024-10-24 07:35:57 | Deep Dive |
| CVE-2024-9531 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Medium | 4.3 | 2024-10-24 07:35:56 | Deep Dive |
| CVE-2024-49658 | WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability | ecomerciar | Woocommerce Custom Profile Picture | Critical | 9.9 | 2024-10-23 15:37:50 | Deep Dive |
| CVE-2024-9927 | WooCommerce Order Proposal <= 2.0.5 - Authenticated (Shop Manager+) Privilege Escalation via Order Proposal | WP Overnight BV | WooCommerce Order Proposal | High | 7.2 | 2024-10-23 02:06:04 | Deep Dive |
| CVE-2024-47634 | WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability | Streamline | CartBounty – Save and recover abandoned carts for WooCommerce | Medium | 5.4 | 2024-10-20 10:29:42 | Deep Dive |
| CVE-2024-44061 | WordPress EU/UK VAT Manager for WooCommerce plugin <= 2.12.14 - CSRF to Cross Site Scripting (XSS) vulnerability | WPFactory | EU/UK VAT Manager for WooCommerce | High | 7.1 | 2024-10-20 09:06:57 | Deep Dive |
| CVE-2024-10049 | Edit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via page | ioannup | Edit WooCommerce Templates | Medium | 6.1 | 2024-10-18 04:32:52 | Deep Dive |