| CVE-2024-37933 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability | anhvnit | Woocommerce OpenPos | Critical | 9.3 | 2024-07-12 13:23:07 | Deep Dive |
| CVE-2024-6353 | Wallet for WooCommerce <= 1.5.4 - Authenticated (Subscriber+) SQL Injection via 'search[value]' | subratamal | Wallet for WooCommerce | High | 8.8 | 2024-07-12 08:32:13 | Deep Dive |
| CVE-2024-6666 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id | wedevs | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | High | 8.8 | 2024-07-11 06:43:14 | Deep Dive |
| CVE-2024-37520 | WordPress ShopBuilder – Elementor WooCommerce Builder Addons plugin <= 2.1.12 - Local File Inclusion vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | Medium | 6.5 | 2024-07-09 12:20:03 | Deep Dive |
| CVE-2024-35777 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability | Automattic | WooCommerce | Low | 3.5 | 2024-07-09 09:57:22 | Deep Dive |
| CVE-2024-37502 | WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability | wpweb | WooCommerce Social Login | Medium | 5.4 | 2024-07-09 08:57:03 | Deep Dive |
| CVE-2024-5669 | XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | happydevs | Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | Medium | 6.4 | 2024-07-09 08:33:12 | Deep Dive |
| CVE-2024-5704 | XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update | happydevs | Happy WooCommerce FAQs – Ultimate Product FAQ Plugin | Medium | 4.3 | 2024-07-09 08:33:03 | Deep Dive |
| CVE-2024-4482 | The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-07-03 07:32:37 | Deep Dive |
| CVE-2024-6172 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-07-02 06:49:43 | Deep Dive |
| CVE-2024-5192 | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | amans2k | FunnelKit – Funnel Builder for WooCommerce Checkout | Medium | 6.4 | 2024-06-29 04:33:28 | Deep Dive |
| CVE-2024-4983 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-06-27 08:34:21 | Deep Dive |
| CVE-2024-5431 | WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce <= 2.2.25 - Authenticated (Contributor+) File inclusion via Shortcode | arraytics | WPCafe – Restaurant Menu, Online Food Ordering & Table Booking System | High | 8.8 | 2024-06-25 05:41:47 | Deep Dive |
| CVE-2024-6027 | Themify - WooCommerce Product Filter <= 1.4.9 - Unauthenticated SQL Injection via conditions Parameter | themifyme | Themify – WooCommerce Product Filter | Critical | 9.8 | 2024-06-21 09:39:38 | Deep Dive |
| CVE-2024-5756 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-06-21 04:34:11 | Deep Dive |
| CVE-2024-1639 | License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated (Contributor+) Sensitive Information Exposure | saadiqbal | License Manager for WooCommerce | Medium | 6.5 | 2024-06-21 02:05:43 | Deep Dive |
| CVE-2023-37872 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability | Woo | WooCommerce Ship to Multiple Addresses | Medium | 6.5 | 2024-06-19 13:44:31 | Deep Dive |
| CVE-2023-37870 | WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability | Woo | WooCommerce Warranty Requests | High | 8.1 | 2024-06-19 12:29:21 | Deep Dive |
| CVE-2023-35049 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability | WooCommerce | WooCommerce Stripe Payment Gateway | High | 7.5 | 2024-06-19 12:26:53 | Deep Dive |
| CVE-2023-47681 | WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability | QuadLayers | WooCommerce Checkout Manager | Medium | 6.5 | 2024-06-19 11:07:45 | Deep Dive |