| CVE-2024-37515 | WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability | Optemiz | XPlainer - WooCommerce Product FAQ | Medium | 5.8 | 2024-07-21 07:14:41 | Deep Dive |
| CVE-2024-37522 | WordPress CC & BCC for Woocommerce Order Emails plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | Dario Curasì | CC & BCC for Woocommerce Order Emails | Medium | 5.9 | 2024-07-21 07:10:16 | Deep Dive |
| CVE-2024-37943 | WordPress YITH WooCommerce Ajax Product Filter plugin <= 5.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH WooCommerce Ajax Product Filter | Medium | 5.8 | 2024-07-20 08:54:23 | Deep Dive |
| CVE-2024-38669 | WordPress Predictive Search for WooCommerce plugin <= 6.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | a3rev Software | WooCommerce Predictive Search | High | 7.1 | 2024-07-20 08:01:22 | Deep Dive |
| CVE-2024-38680 | WordPress Appmaker plugin <= 1.36.12 - Reflected Cross Site Scripting (XSS) vulnerability | Appmaker | Appmaker – Convert WooCommerce to Android & iOS Native Mobile Apps | High | 7.1 | 2024-07-20 07:46:48 | Deep Dive |
| CVE-2024-38683 | WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | iThemelandCo | WooCommerce Report | High | 7.1 | 2024-07-20 07:43:34 | Deep Dive |
| CVE-2024-6636 | WooCommerce - Social Login <= 2.7.3 - Missing Authorization to Unauthenticated Privilege Escalation | WPWeb | WooCommerce - Social Login | Critical | 9.8 | 2024-07-20 07:38:05 | Deep Dive |
| CVE-2024-6635 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Authentication Bypass | WPWeb | WooCommerce - Social Login | High | 7.3 | 2024-07-20 07:38:04 | Deep Dive |
| CVE-2024-6637 | WooCommerce - Social Login <= 2.7.3 - Unauthenticated Privilege Escalation via One-Time Password | WPWeb | WooCommerce - Social Login | High | 7.3 | 2024-07-20 07:37:52 | Deep Dive |
| CVE-2024-3934 | Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download | claudiosanches | Mercado Pago payments for WooCommerce | Medium | 6.5 | 2024-07-20 03:20:31 | Deep Dive |
| CVE-2024-6560 | Addonify – Quick View For WooCommerce <= 1.2.16 - Unauthenticated Full Path Disclosure | addonify | Addonify – Quick View For WooCommerce | Medium | 5.3 | 2024-07-20 02:37:15 | Deep Dive |
| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation | yithemes | YITH Essential Kit for WooCommerce #1 | Medium | 4.3 | 2024-07-19 07:36:45 | Deep Dive |
| CVE-2024-5703 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.26 - Missing Authorization | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.3 | 2024-07-17 07:32:19 | Deep Dive |
| CVE-2024-6457 | HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Critical | 9.8 | 2024-07-16 11:00:59 | Deep Dive |
| CVE-2024-6579 | Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification | genetechproducts | Web and WooCommerce Addons for WPBakery Builder | Medium | 4.3 | 2024-07-16 09:32:12 | Deep Dive |
| CVE-2024-2691 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 6.4 | 2024-07-16 08:32:30 | Deep Dive |
| CVE-2024-3964 | Product Enquiry for WooCommerce < 3.1.8 - Admin+ Stored XSS | Unknown | Product Enquiry for WooCommerce | - | - | 2024-07-13 06:00:05 | Deep Dive |
| CVE-2024-37932 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Arbitrary File Deletion vulnerability | anhvnit | Woocommerce OpenPos | High | 8.6 | 2024-07-12 14:03:09 | Deep Dive |
| CVE-2024-37202 | WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.17 - Broken Access Control to XSS vulnerability | BinaryCarpenter | Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter | Medium | 6.5 | 2024-07-12 13:30:29 | Deep Dive |
| CVE-2024-37544 | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability | Saleswonder Team: Tobias | Get Better Reviews for WooCommerce | Medium | 4.3 | 2024-07-12 13:26:07 | Deep Dive |