| CVE-2024-43132 | WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated SQL Injection vulnerability | WPWeb Elite | Docket (WooCommerce Collections / Wishlist / Watchlist) | Critical | 9.3 | 2024-08-29 14:44:12 | Deep Dive |
| CVE-2024-43986 | WordPress E-cab taxi booking manager plugin <=1.0.9 - Cross Site Scripting (XSS) vulnerability | MagePeople Team | Taxi Booking Manager for WooCommerce | Medium | 5.9 | 2024-08-29 09:00:17 | Deep Dive |
| CVE-2024-6448 | Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure | mollieintegration | Mollie Payments for WooCommerce | Medium | 5.3 | 2024-08-28 03:27:28 | Deep Dive |
| CVE-2024-8030 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-28 02:05:47 | Deep Dive |
| CVE-2024-39657 | WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability | Sender | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Medium | 4.3 | 2024-08-26 20:54:09 | Deep Dive |
| CVE-2024-43316 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability | Checkout Plugins | Stripe Payments For WooCommerce by Checkout | Medium | 5.3 | 2024-08-26 20:36:44 | Deep Dive |
| CVE-2024-43259 | WordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerability | WebFactory | Order Export for WooCommerce | Medium | 5.3 | 2024-08-26 20:13:25 | Deep Dive |
| CVE-2024-7258 | WooCommerce Google Feed Manager <= 2.8.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Deletion | aukejomm | WPMR Google Feed Manager for WooCommerce – Sell on Google Merchant Center & Shopping | High | 8.8 | 2024-08-23 04:30:08 | Deep Dive |
| CVE-2024-5583 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-08-22 02:02:04 | Deep Dive |
| CVE-2024-5335 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection | bdthemes | Ultimate Store Kit – Addon For WooCommerce, EDD and Elementor | Critical | 9.8 | 2024-08-21 08:29:15 | Deep Dive |
| CVE-2024-5763 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-08-20 03:21:10 | Deep Dive |
| CVE-2024-6575 | The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-08-20 03:21:10 | Deep Dive |
| CVE-2024-43315 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability | Checkout Plugins | Stripe Payments For WooCommerce by Checkout | High | 7.5 | 2024-08-18 21:32:22 | Deep Dive |
| CVE-2024-43292 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability | EnvoThemes | Envo's Elementor Templates & Widgets for WooCommerce | Medium | 5.9 | 2024-08-18 21:12:15 | Deep Dive |
| CVE-2024-39666 | WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability | Automattic | WooCommerce | Medium | 5.9 | 2024-08-18 13:37:18 | Deep Dive |
| CVE-2024-6500 | InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete | inspirelabs | InPost for WooCommerce | Critical | 10.0 | 2024-08-17 02:31:00 | Deep Dive |
| CVE-2024-43138 | WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability | MagePeople Team | Event Manager for WooCommerce | Medium | 6.5 | 2024-08-13 11:35:21 | Deep Dive |
| CVE-2024-43131 | WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability | WPWeb | Docket (WooCommerce Collections / Wishlist / Watchlist) | High | 7.5 | 2024-08-13 10:56:02 | Deep Dive |
| CVE-2024-43128 | WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability | WC Product Table | WooCommerce Product Table Lite | Medium | 6.5 | 2024-08-13 10:52:04 | Deep Dive |
| CVE-2024-39651 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability | WPWeb | WooCommerce PDF Vouchers | High | 8.6 | 2024-08-13 10:48:42 | Deep Dive |