| CVE-2024-8658 | myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade | saadiqbal | Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | Medium | 5.3 | 2024-09-25 05:32:10 | Deep Dive |
| CVE-2024-8668 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-09-25 04:30:28 | Deep Dive |
| CVE-2024-7491 | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.1 - Insecure Direct Object Reference to Unsubscribe | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 5.3 | 2024-09-25 02:05:26 | Deep Dive |
| CVE-2024-6590 | Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update | javmah | WPGSI: Spreadsheet Integration | Medium | 6.3 | 2024-09-25 02:05:25 | Deep Dive |
| CVE-2024-8716 | XT Ajax Add To Cart for WooCommerce <= 1.1.2 - Reflected Cross-Site Scripting | xplodedthemes | XT Ajax Add To Cart for WooCommerce | Medium | 6.1 | 2024-09-24 01:56:46 | Deep Dive |
| CVE-2024-7846 | YITH WooCommerce Ajax Search < 2.7.1 - Contributor+ Stored XSS | Unknown | YITH WooCommerce Ajax Search | - | - | 2024-09-23 06:00:02 | Deep Dive |
| CVE-2024-44048 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability | wpWax | Product Carousel Slider & Grid Ultimate for WooCommerce | Medium | 6.5 | 2024-09-23 00:03:59 | Deep Dive |
| CVE-2024-45459 | WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability | PickPlugins | Product Slider for WooCommerce | High | 7.1 | 2024-09-15 07:41:38 | Deep Dive |
| CVE-2024-8724 | Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting | xootix | Waitlist Woocommerce ( Back in stock notifier ) | Medium | 6.1 | 2024-09-14 03:19:29 | Deep Dive |
| CVE-2024-8271 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution | realmag777 | FOX – Currency Switcher Professional for WooCommerce | High | 7.3 | 2024-09-14 02:04:21 | Deep Dive |
| CVE-2022-3459 | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | ankitpokhrel | WooCommerce Multiple Free Gift | Medium | 5.3 | 2024-09-14 02:04:19 | Deep Dive |
| CVE-2024-8742 | Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-09-13 06:47:29 | Deep Dive |
| CVE-2024-8277 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation | villatheme | WooCommerce Photo Reviews Premium | Critical | 9.8 | 2024-09-11 08:31:05 | Deep Dive |
| CVE-2024-8440 | Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-09-11 06:42:25 | Deep Dive |
| CVE-2024-8289 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Critical | 9.8 | 2024-09-04 08:30:39 | Deep Dive |
| CVE-2024-6722 | Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS | Unknown | Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot | - | - | 2024-09-04 06:00:03 | Deep Dive |
| CVE-2024-8319 | Tourfic <= 2.11.20 - Cross-Site Request Forgery in Multiple Functions | themefic | Tourfic – Travel Booking, Hotel Booking & Car Rental WordPress Plugin | Medium | 4.3 | 2024-08-30 07:33:10 | Deep Dive |
| CVE-2024-43960 | WordPress Web and WooCommerce Addons for WPBakery Builder plugin <= 1.4.6 - Cross Site Scripting (XSS) vulnerability | Page Builder Addons | Web and WooCommerce Addons for WPBakery Builder | Medium | 5.9 | 2024-08-29 17:47:34 | Deep Dive |
| CVE-2024-43943 | WordPress Greenshift Woocommerce Addon plugin < 1.9.8 - Subscriber+ SQL Injection vulnerability | Wpsoul | Greenshift Woocommerce Addon | High | 8.5 | 2024-08-29 15:14:16 | Deep Dive |
| CVE-2024-43917 | WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability | TemplateInvaders | TI WooCommerce Wishlist | Critical | 9.3 | 2024-08-29 14:46:36 | Deep Dive |