| CVE-2024-8629 | WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting | amirhelzer | WPML Multilingual & Multicurrency for WooCommerce | Medium | 6.1 | 2024-10-08 09:33:13 | Deep Dive |
| CVE-2024-47350 | WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability | YITHEMES | YITH WooCommerce Ajax Search | Critical | 9.3 | 2024-10-06 12:55:17 | Deep Dive |
| CVE-2024-44046 | WordPress Themify plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability | themifyme | Themify – WooCommerce Product Filter | Medium | 5.9 | 2024-10-06 11:48:35 | Deep Dive |
| CVE-2024-47367 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH WooCommerce Product Add-Ons | High | 7.1 | 2024-10-06 09:43:53 | Deep Dive |
| CVE-2024-47395 | WordPress Robokassa payment gateway for Woocommerce plugin <= 1.6.1 - Reflected Cross Site Scripting (XSS) vulnerability | robokassa | Robokassa payment gateway for Woocommerce | High | 7.1 | 2024-10-05 14:38:32 | Deep Dive |
| CVE-2024-47309 | WordPress Cities Shipping Zones for WooCommerce plugin <= 1.2.7 - Local File Inclusion vulnerability | Condless | Cities Shipping Zones for WooCommerce | Medium | 6.6 | 2024-10-05 12:23:16 | Deep Dive |
| CVE-2024-8499 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting via render_review_request_notice | themehigh | Checkout Field Editor (Checkout Manager) for WooCommerce | Medium | 4.7 | 2024-10-04 12:46:53 | Deep Dive |
| CVE-2024-9237 | Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting | wpcentrics | Advanced Shipping Rates for WooCommerce: Flexible Table Rate Shipping Rules | Medium | 6.1 | 2024-10-04 02:32:24 | Deep Dive |
| CVE-2024-9384 | Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting | wpcodefactory | Price by Quantity & Bulk Quantity Discounts for WooCommerce | Medium | 6.1 | 2024-10-04 02:04:57 | Deep Dive |
| CVE-2024-9345 | Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting | tychesoftwares | Product Delivery Date for WooCommerce – Lite | Medium | 6.1 | 2024-10-04 02:04:51 | Deep Dive |
| CVE-2024-8254 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Authenticated (Subscriber+) Arbitrary Shortcode Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.4 | 2024-10-02 06:46:02 | Deep Dive |
| CVE-2024-9289 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation | RedefiningTheWeb | WordPress & WooCommerce Affiliate Program | Critical | 9.8 | 2024-10-01 08:30:20 | Deep Dive |
| CVE-2024-8793 | Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting | jkohlbach | Store Exporter – Export WooCommerce Products, Orders, Subscriptions, Customers | Medium | 6.1 | 2024-10-01 08:30:16 | Deep Dive |
| CVE-2024-9189 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Missing Authorization | wpcodefactory | EU/UK VAT Validation Manager for WooCommerce | Medium | 5.3 | 2024-09-28 02:04:30 | Deep Dive |
| CVE-2024-8788 | EU/UK VAT Manager for WooCommerce <= 2.12.12 - Reflected Cross-Site Scripting | wpcodefactory | EU/UK VAT Validation Manager for WooCommerce | Medium | 6.1 | 2024-09-28 02:04:24 | Deep Dive |
| CVE-2024-8922 | Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php | rajeshsingh520 | PiWeb Product Enquiry or product catalog for WooCommerce | High | 8.8 | 2024-09-27 05:31:03 | Deep Dive |
| CVE-2024-8771 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-09-26 15:30:34 | Deep Dive |
| CVE-2024-8872 | Store Hours for WooCommerce <= 4.3.20 - Reflected Cross-Site Scripting | bizswoop | Store Hours for WooCommerce | Medium | 6.1 | 2024-09-26 08:29:46 | Deep Dive |
| CVE-2024-8290 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation | wclovers | WCFM – Frontend Manager for WooCommerce | High | 8.8 | 2024-09-25 06:49:01 | Deep Dive |
| CVE-2024-8678 | Revolut Gateway for WooCommerce <= 4.17.3 - Missing Authorization to Unauthenticated Order Status Update | revolutbusiness | Revolut Gateway for WooCommerce | Medium | 5.3 | 2024-09-25 06:49:01 | Deep Dive |