| CVE-2024-4448 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Dual Color Header', 'Event Calendar', & 'Advanced Data Table' | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-10 07:33:37 | Deep Dive |
| CVE-2024-4038 | Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro <= 5.3.1 - Unauthenticated Arbitrary Shortcode Execution | propluginslab | Back In Stock Notifier for WooCommerce \| WooCommerce Waitlist Pro | Medium | 6.5 | 2024-05-09 20:03:41 | Deep Dive |
| CVE-2024-2785 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:40 | Deep Dive |
| CVE-2024-0445 | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | posimyththemes | The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | Medium | 6.4 | 2024-05-09 20:03:37 | Deep Dive |
| CVE-2023-6327 | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 5.3 | 2024-05-09 20:03:22 | Deep Dive |
| CVE-2024-4233 | Broken Access Control vulnerability in multiple WordPress plugins by Tyche Softwares | Tyche Softwares | Print Invoice & Delivery Notes for WooCommerce | Medium | 4.3 | 2024-05-08 13:20:00 | Deep Dive |
| CVE-2024-32807 | WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability | Brevo | Sendinblue for WooCommerce | High | 8.5 | 2024-05-06 17:44:26 | Deep Dive |
| CVE-2024-2752 | Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting | wooassist | Where Did You Hear About Us Checkout Field for WooCommerce | Medium | 5.5 | 2024-05-02 16:52:54 | Deep Dive |
| CVE-2024-2876 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Critical | 9.8 | 2024-05-02 16:52:46 | Deep Dive |
| CVE-2024-1679 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Templates | ukrsolution | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | Medium | 6.4 | 2024-05-02 16:52:35 | Deep Dive |
| CVE-2024-0629 | 2Checkout Payment Gateway for WooCommerce <= 6.2 - Missing Authorization via sniff_ins | nmedia | 2Checkout Payment Gateway for WooCommerce | Medium | 5.3 | 2024-05-02 16:52:33 | Deep Dive |
| CVE-2024-1173 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.13.1 - Authenticated (AccountingManager+) SQL Injection | wedevs | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | High | 7.2 | 2024-05-02 16:52:26 | Deep Dive |
| CVE-2023-7067 | ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 4.3 | 2024-05-02 16:52:21 | Deep Dive |
| CVE-2024-1677 | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization | ukrsolution | Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce | Medium | 6.3 | 2024-05-02 16:52:14 | Deep Dive |
| CVE-2024-3991 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.7 - Authenticated (contributor+) Stored Cross-Site Scripting via _id | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-05-02 16:52:08 | Deep Dive |
| CVE-2024-3734 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode Execution | realmag777 | FOX – Currency Switcher Professional for WooCommerce | Medium | 6.5 | 2024-05-02 16:52:04 | Deep Dive |
| CVE-2024-3045 | PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting | wpovernight | PDF Invoices & Packing Slips for WooCommerce | High | 7.2 | 2024-05-02 16:51:55 | Deep Dive |
| CVE-2024-3728 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery & Interactive Circle | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-02 16:51:54 | Deep Dive |
| CVE-2024-4156 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.17 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-02 16:51:52 | Deep Dive |
| CVE-2024-3047 | PDF Invoices & Packing Slips for WooCommerce <= 3.8.0 - Unauthenticated Server-Side Request Forgery | wpovernight | PDF Invoices & Packing Slips for WooCommerce | High | 7.2 | 2024-05-02 16:51:51 | Deep Dive |