| CVE-2024-4003 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-05-02 16:51:51 | Deep Dive |
| CVE-2024-3957 | Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 6.5 | 2024-05-02 16:51:49 | Deep Dive |
| CVE-2024-33949 | WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | Vark | Min and Max Purchase for WooCommerce | Medium | 6.5 | 2024-05-02 16:46:14 | Deep Dive |
| CVE-2024-33944 | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability | Kestrel | WooCommerce AWeber Newsletter Subscription | Medium | 6.5 | 2024-05-02 11:26:49 | Deep Dive |
| CVE-2024-33956 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability | ThemeLocation | Custom WooCommerce Checkout Fields Editor | Medium | 4.3 | 2024-05-02 11:24:42 | Deep Dive |
| CVE-2024-4185 | Customer Email Verification for WooCommerce <= 2.7.4 - Email Verification and Authentication Bypass due to Insufficient Randomness | wpcodefactory | Customer Email Verification for WooCommerce | High | 8.1 | 2024-04-30 08:32:23 | Deep Dive |
| CVE-2024-33585 | WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerability | Tyche Softwares | Payment Gateway Based Fees and Discounts for WooCommerce | Medium | 4.3 | 2024-04-29 12:43:51 | Deep Dive |
| CVE-2024-2838 | WPC Composite Products for WooCommerce <= 7.2.7 - Authenticated (Subscriber+) Stored Cross-Site Scripting | wpclever | WPC Composite Products for WooCommerce | Medium | 6.4 | 2024-04-27 03:33:36 | Deep Dive |
| CVE-2024-3962 | Product Addons & Fields for WooCommerce <= 32.0.18 - Unauthenticated Arbitrary File Upload via ppom_upload_file | themeisle | PPOM – Product Addons & Custom Fields for WooCommerce | Critical | 9.8 | 2024-04-26 08:29:20 | Deep Dive |
| CVE-2024-31266 | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability | AlgolPlus | Advanced Order Export For WooCommerce | Critical | 9.1 | 2024-04-25 08:43:06 | Deep Dive |
| CVE-2024-3733 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.15 - Information Exposure | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.3 | 2024-04-25 08:29:00 | Deep Dive |
| CVE-2024-32675 | WordPress Order Limit for WooCommerce plugin <= 2.0.0 - Broken Access Control vulnerability | Xfinity Soft | Order Limit for WooCommerce | Medium | 6.5 | 2024-04-24 15:26:56 | Deep Dive |
| CVE-2024-32678 | WordPress TrackShip for WooCommerce plugin <= 1.7.5 - Broken Access Control vulnerability | TrackShip | TrackShip for WooCommerce | Medium | 5.3 | 2024-04-24 15:21:56 | Deep Dive |
| CVE-2024-32699 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability | YITHEMES | YITH WooCommerce Compare | Medium | 4.3 | 2024-04-24 15:00:57 | Deep Dive |
| CVE-2024-32834 | WordPress WooCommerce Shipping Label plugin <= 2.3.8 - Cross Site Scripting (XSS) vulnerability | WebToffee | WooCommerce Shipping Label | Medium | 5.9 | 2024-04-24 08:27:37 | Deep Dive |
| CVE-2024-32781 | WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability | ThemeHigh | Email Customizer for WooCommerce | High | 7.5 | 2024-04-24 07:56:01 | Deep Dive |
| CVE-2024-32803 | WordPress SuperFaktura WooCommerce plugin <= 1.40.3 - Server Side Request Forgery (SSRF) vulnerability | 2day.sk, Webikon | SuperFaktura WooCommerce | Medium | 6.4 | 2024-04-24 07:16:38 | Deep Dive |
| CVE-2024-1743 | WooCommerce Customers Manager < 29.8 - Reflected XSS | Unknown | WooCommerce Customers Manager | 中危 | - | 2024-04-24 05:00:02 | Deep Dive |
| CVE-2024-1756 | WooCommerce Customers Manager < 29.8 - Subscriber+ Email Disclosure | Unknown | WooCommerce Customers Manager | 中危 | - | 2024-04-24 05:00:02 | Deep Dive |
| CVE-2024-32687 | WordPress WPC Frequently Bought Together for WooCommerce plugin <= 7.0.3 - Broken Access Control vulnerability | WPClever | WPC Frequently Bought Together for WooCommerce | Medium | 4.3 | 2024-04-22 10:35:43 | Deep Dive |