| CVE-2024-4632 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 6.4 | 2024-06-19 08:33:58 | Deep Dive |
| CVE-2024-5768 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting | surakrai | MIMO Woocommerce Order Tracking | Medium | 6.4 | 2024-06-19 03:12:32 | Deep Dive |
| CVE-2024-5868 | WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness | WPWeb | WooCommerce - Social Login | Medium | 6.5 | 2024-06-15 03:35:11 | Deep Dive |
| CVE-2024-5871 | WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection | WPWeb | WooCommerce - Social Login | Critical | 9.8 | 2024-06-15 03:35:11 | Deep Dive |
| CVE-2024-6000 | FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload | FooEvents | FooEvents for WooCommerce | High | 7.1 | 2024-06-15 03:18:58 | Deep Dive |
| CVE-2024-3815 | Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta | - | Newspaper - News & WooCommerce WordPress Theme | Medium | 5.5 | 2024-06-15 02:01:59 | Deep Dive |
| CVE-2023-51495 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability | Woo | WooCommerce Warranty Requests | Medium | 6.5 | 2024-06-14 05:42:34 | Deep Dive |
| CVE-2023-51496 | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability | Woo | WooCommerce Warranty Requests | Medium | 5.3 | 2024-06-14 05:40:13 | Deep Dive |
| CVE-2023-51497 | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability | Woo | WooCommerce Ship to Multiple Addresses | Medium | 5.4 | 2024-06-14 05:33:58 | Deep Dive |
| CVE-2023-51523 | WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability | WriterSystem | WooCommerce Easy Duplicate Product | Medium | 4.3 | 2024-06-14 00:56:44 | Deep Dive |
| CVE-2023-29174 | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability | NervyThemes | SKU Label Changer For WooCommerce | Medium | 6.5 | 2024-06-13 23:53:11 | Deep Dive |
| CVE-2024-4371 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Critical | 9.0 | 2024-06-13 08:31:33 | Deep Dive |
| CVE-2024-37297 | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms | woocommerce | woocommerce | Medium | 5.4 | 2024-06-12 15:05:46 | Deep Dive |
| CVE-2023-41240 | WordPress Pricing Deals for WooCommerce plugin <= 2.0.3.2 - Broken Access Control vulnerability | Vark | Pricing Deals for WooCommerce | Medium | 5.3 | 2024-06-12 09:49:24 | Deep Dive |
| CVE-2024-4845 | Icegram Express <= 5.7.22 - Authenticated (Subscriber+) SQL Injection Vulnerability via options[list_id] | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-06-12 09:33:12 | Deep Dive |
| CVE-2023-51679 | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | BulkGate | BulkGate SMS Plugin for WooCommerce | Medium | 5.4 | 2024-06-12 08:47:21 | Deep Dive |
| CVE-2023-51680 | WordPress Quotes for WooCommerce plugin <= 2.0.1 - Broken Access Control vulnerability | TechnoVama | Quotes for WooCommerce | Medium | 4.3 | 2024-06-12 08:46:13 | Deep Dive |
| CVE-2024-4564 | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | codexpert | CoDesigner – All in One Elementor WooCommerce Builder | Medium | 6.4 | 2024-06-12 03:33:15 | Deep Dive |
| CVE-2024-34763 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.5 - Broken Access Control vulnerability | Saleswonder Team: Tobias | Builder for WooCommerce reviews shortcodes – ReviewShort | Medium | 5.3 | 2024-06-11 16:57:38 | Deep Dive |
| CVE-2023-52227 | WordPress MailerLite – WooCommerce integration plugin <= 2.0.8 - Broken Access Control vulnerability | MailerLite | MailerLite – WooCommerce integration | Medium | 4.3 | 2024-06-11 16:25:43 | Deep Dive |