| CVE-2024-49288 | WordPress Email Template Customizer for WooCommerce plugin <= 1.2.9.1 - Cross Site Scripting (XSS) vulnerability | VillaTheme | Email Template Customizer for WooCommerce | Medium | 5.9 | 2024-10-17 19:11:51 | Deep Dive |
| CVE-2024-49244 | WordPress CSV Product Import Export for WooCommerce plugin <= 1.0.0 - SQL Injection vulnerability | vrinsoft | CSV Product Import Export for WooCommerce | - | - | 2024-10-17 17:33:11 | Deep Dive |
| CVE-2024-49305 | WordPress Customer Email Verification for WooCommerce plugin <= 2.8.10 - SQL Injection vulnerability | WPFactory | Email Verification for WooCommerce | Critical | 9.3 | 2024-10-17 17:25:59 | Deep Dive |
| CVE-2024-48047 | WordPress Linked Variation for WooCommerce plugin <= 1.0.5 - Cross Site Request Forgery (CSRF) vulnerability | Razon Komar Pal | Linked Variation for WooCommerce | Medium | 4.3 | 2024-10-17 12:10:50 | Deep Dive |
| CVE-2024-9213 | Persian WooCommerce SMS <= 7.0.2 - Reflected Cross-Site Scripting | persianscript | افزونه پیامک ووکامرس Persian WooCommerce SMS | Medium | 6.1 | 2024-10-17 06:52:34 | Deep Dive |
| CVE-2020-36841 | WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation | WooCommerce | WooCommerce Smart Coupons | Medium | 5.3 | 2024-10-16 12:45:52 | Deep Dive |
| CVE-2017-20193 | Product Vendors <= 2.0.35 - Reflected Cross Site Scripting | WooCommerce | Product Vendors | Medium | 4.7 | 2024-10-16 07:31:51 | Deep Dive |
| CVE-2021-4447 | Essential Addons for Elementor <= 4.6.4 - Authenticated (Contributor+) Privilege Escalation | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | High | 8.8 | 2024-10-16 06:43:42 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2020-36834 | Discount Rules for WooCommerce <= 2.0.2 - Missing Authorization | flycart | Discount Rules for WooCommerce | Medium | 6.3 | 2024-10-16 06:43:27 | Deep Dive |
| CVE-2021-4446 | Essential Addons for Elementor <= 4.6.4 - Missing Authorization | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.3 | 2024-10-16 06:43:26 | Deep Dive |
| CVE-2024-8541 | Discount Rules for WooCommerce – Create Smart WooCommerce Coupons & Discounts, Bulk Discount, BOGO Coupons <= 2.6.5 - Reflected Cross-Site Scripting | flycart | Discount Rules for WooCommerce | Medium | 4.7 | 2024-10-16 02:05:01 | Deep Dive |
| CVE-2024-9944 | WooCommerce <= 9.0.2 - Unauthenticated HTML Injection | automattic | WooCommerce | Medium | 5.3 | 2024-10-15 05:31:32 | Deep Dive |
| CVE-2024-9756 | Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload | sldesignpl | Order Attachments for WooCommerce | Medium | 4.3 | 2024-10-12 06:51:10 | Deep Dive |
| CVE-2024-9821 | Bot for Telegram on WooCommerce <= 1.2.7 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass | guruteam | Bot for Telegram on WooCommerce | High | 8.8 | 2024-10-12 02:05:45 | Deep Dive |
| CVE-2024-9538 | ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 4.3 | 2024-10-11 11:01:55 | Deep Dive |
| CVE-2024-8913 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 4.3 | 2024-10-11 08:30:46 | Deep Dive |
| CVE-2024-9156 | TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection via lang parameters | Unknown | TI WooCommerce Wishlist | - | - | 2024-10-10 06:00:04 | Deep Dive |
| CVE-2024-9377 | Products, Order & Customers Export for WooCommerce <= 2.0.15 - Reflected Cross-Site Scripting | wpcodefactory | Export Products, Orders & Customers for WooCommerce | Medium | 6.1 | 2024-10-10 02:06:09 | Deep Dive |
| CVE-2024-9205 | Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting | wpcodefactory | Maximum Products per User for WooCommerce | Medium | 6.1 | 2024-10-10 02:06:04 | Deep Dive |