| CVE-2024-4566 | ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | High | 7.1 | 2024-05-21 08:31:04 | Deep Dive |
| CVE-2024-3155 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting | pickplugins | Post Grid | Medium | 6.4 | 2024-05-21 02:32:59 | Deep Dive |
| CVE-2024-32680 | WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability | PluginUS | HUSKY – Products Filter for WooCommerce (formerly WOOF) | High | 8.8 | 2024-05-17 08:59:16 | Deep Dive |
| CVE-2024-32511 | WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability | Astoundify | Simple Registration for WooCommerce | Critical | 9.8 | 2024-05-17 08:55:58 | Deep Dive |
| CVE-2024-27971 | WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability | Premmerce | Premmerce Permalink Manager for WooCommerce | High | 8.3 | 2024-05-17 08:51:36 | Deep Dive |
| CVE-2023-51546 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.2.1 - Privilege Escalation vulnerability | WebToffee | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | High | 7.2 | 2024-05-17 08:44:58 | Deep Dive |
| CVE-2023-51481 | WordPress Local Delivery Drivers for WooCommerce plugin <= 1.9.0 - Unauthenticated Account Takeover vulnerability | powerfulwp | Local Delivery Drivers for WooCommerce | Critical | 9.8 | 2024-05-17 08:44:11 | Deep Dive |
| CVE-2024-34370 | WordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerability | WPFactory | EAN for WooCommerce | High | 7.2 | 2024-05-17 08:12:42 | Deep Dive |
| CVE-2023-35881 | WordPress WooCommerce One Page Checkout plugin <= 2.3.0 - Local File Inclusion vulnerability | WooCommerce | WooCommerce One Page Checkout | High | 7.6 | 2024-05-17 06:46:48 | Deep Dive |
| CVE-2022-45070 | WordPress Conditional Checkout Fields for WooCommerce plugin <= 1.2.3 - Broken Authentication vulnerability | FmeAddons | Conditional Checkout Fields for WooCommerce | Medium | 5.3 | 2024-05-17 06:27:26 | Deep Dive |
| CVE-2024-3609 | ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 4.3 | 2024-05-16 20:31:05 | Deep Dive |
| CVE-2024-34751 | WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability | WebToffee | Order Export & Order Import for WooCommerce | Medium | 4.4 | 2024-05-16 15:47:13 | Deep Dive |
| CVE-2024-4010 | Email Subscribers by Icegram Express <= 5.7.19 - Missing Authorization in handle_ajax_request | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | High | 8.8 | 2024-05-15 08:34:13 | Deep Dive |
| CVE-2024-4624 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-14 11:33:11 | Deep Dive |
| CVE-2024-0870 | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update | yithemes | YITH WooCommerce Gift Cards | Medium | 5.3 | 2024-05-14 02:38:19 | Deep Dive |
| CVE-2024-35167 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability | EnvoThemes | Envo's Elementor Templates & Widgets for WooCommerce | Medium | 6.5 | 2024-05-13 10:02:54 | Deep Dive |
| CVE-2024-34812 | WordPress ShopBuilder plugin <= 2.1.8 - Sensitive Data Exposure vulnerability | RadiusTheme | ShopBuilder – Elementor WooCommerce Builder Addons | Medium | 5.3 | 2024-05-13 09:21:18 | Deep Dive |
| CVE-2024-4039 | Orders Tracking for WooCommerce <= 1.2.10 - Unauthenticated Arbitrary Shortcode Execution | villatheme | Orders Tracking for WooCommerce | Medium | 6.5 | 2024-05-10 09:32:10 | Deep Dive |
| CVE-2024-4275 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Interactive Circles' | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:39 | Deep Dive |
| CVE-2024-4449 | Essential Addons for Elementor <= 5.9.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Several Widgets | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:38 | Deep Dive |