| CVE-2024-38747 | WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability | HitPay Payment Solutions Pte Ltd | HitPay Payment Gateway for WooCommerce | High | 7.5 | 2024-08-13 10:20:15 | Deep Dive |
| CVE-2024-38699 | WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability | WP Swings | Wallet System for WooCommerce | High | 7.5 | 2024-08-13 10:13:06 | Deep Dive |
| CVE-2024-37935 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Sensitive Data Exposure vulnerability | anhvnit | Woocommerce OpenPos | High | 7.5 | 2024-08-13 09:47:40 | Deep Dive |
| CVE-2024-7092 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via no_more_items_text Parameter | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-08-13 04:29:11 | Deep Dive |
| CVE-2024-43126 | WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability | Sender | Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | High | 7.1 | 2024-08-12 22:34:23 | Deep Dive |
| CVE-2024-43127 | WordPress Products, Order & Customers Export for WooCommerce plugin <= 2.0.11 - Reflected Cross Site Scripting (XSS) vulnerability | WPFactory | Products, Order & Customers Export for WooCommerce | High | 7.1 | 2024-08-12 22:32:18 | Deep Dive |
| CVE-2024-7503 | WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover | WPWeb | WooCommerce - Social Login | Critical | 9.8 | 2024-08-10 02:01:24 | Deep Dive |
| CVE-2024-7257 | YayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file Function | yaycommerce | YayExtra – WooCommerce Extra Product Options | Critical | 9.8 | 2024-08-03 09:37:19 | Deep Dive |
| CVE-2024-39652 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | WPWeb Elite | WooCommerce PDF Vouchers | High | 7.1 | 2024-08-01 21:50:39 | Deep Dive |
| CVE-2024-38772 | WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability | Crocoblock | JetWidgets for Elementor and WooCommerce | Medium | 6.5 | 2024-08-01 20:49:55 | Deep Dive |
| CVE-2024-3983 | WooCommerce Customers Manager < 30.1 - Bulk Action via CSRF | Unknown | WooCommerce Customers Manager | - | - | 2024-08-01 06:00:05 | Deep Dive |
| CVE-2024-2843 | WooCommerce Customers Manager < 30.1 - User Deletion via CSRF | Unknown | WooCommerce Customers Manager | - | - | 2024-08-01 06:00:04 | Deep Dive |
| CVE-2024-1747 | WooCommerce Customers Manager < 30.2 - Subscriber+ Stored XSS | Unknown | WooCommerce Customers Manager | - | - | 2024-08-01 06:00:03 | Deep Dive |
| CVE-2024-6687 | CTT Expresso para WooCommerce <= 3.2.12 - Information Exposure via Unprotected Directory | limpinho | CTT Expresso para WooCommerce | Medium | 5.3 | 2024-08-01 01:59:32 | Deep Dive |
| CVE-2024-6458 | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting | wcproducttable | Product Table and List Builder for WooCommerce Lite | Medium | 6.4 | 2024-07-27 08:36:37 | Deep Dive |
| CVE-2024-6566 | Aramex Shipping WooCommerce <= 1.1.21 - Unauthenticated Full Path Disclosure | aramex | Aramex Shipping WooCommerce | Medium | 5.3 | 2024-07-27 01:51:06 | Deep Dive |
| CVE-2024-6836 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 4.3 | 2024-07-24 05:31:56 | Deep Dive |
| CVE-2024-7027 | WooCommerce - PDF Vouchers <= 4.9.3 - Authentication Bypass to Voucher Vendor | WPWeb | WooCommerce - PDF Vouchers | High | 7.3 | 2024-07-24 02:33:57 | Deep Dive |
| CVE-2024-37217 | WordPress Empty Cart Button for WooCommerce plugin <= 1.3.8 - Cross Site Scripting (XSS) vulnerability | ProWCPlugins | Empty Cart Button for WooCommerce | Medium | 6.5 | 2024-07-22 09:24:46 | Deep Dive |
| CVE-2024-37509 | WordPress MakeCommerce for WooCommerce plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability | Maksekeskus AS | MakeCommerce for WooCommerce | High | 7.1 | 2024-07-21 07:19:00 | Deep Dive |