| CVE-2024-2311 | Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:36 | Deep Dive |
| CVE-2024-0952 | WP ERP <= 1.12.9 - Authenticated (Accounting Manager+) SQL Injection via id | wedevs | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | High | 7.2 | 2024-04-09 18:59:33 | Deep Dive |
| CVE-2024-2946 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code Widget | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:59:26 | Deep Dive |
| CVE-2024-2344 | Avada <= 7.11.6 - Authenticated (Admin+) SQL Injection via entry | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | High | 7.2 | 2024-04-09 18:59:22 | Deep Dive |
| CVE-2024-2623 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-04-09 18:59:17 | Deep Dive |
| CVE-2024-2340 | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 5.3 | 2024-04-09 18:59:07 | Deep Dive |
| CVE-2024-2343 | Avada <= 7.11.6 - Authenticated (Contributor+) Server-Side Request Forgery via form_to_url_action | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2024-04-09 18:59:04 | Deep Dive |
| CVE-2024-2974 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.13 - Unauthenticated Sensitive Information Exposure | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.3 | 2024-04-09 18:59:01 | Deep Dive |
| CVE-2024-2650 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.11 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-04-09 18:58:56 | Deep Dive |
| CVE-2024-0626 | WooCommerce Clover Payment Gateway <= 1.3.1 - Missing Authorization via callback_handler | elbanyaoui | Clover Payment Gateway by Zaytech for WooCommerce | Medium | 5.3 | 2024-04-09 18:58:50 | Deep Dive |
| CVE-2024-1308 | WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification | datafeedrcom | Cloak Affiliate Links for WooCommerce | High | 7.5 | 2024-04-09 18:58:44 | Deep Dive |
| CVE-2024-1960 | ShopLentor <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Banner Link | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-09 18:58:43 | Deep Dive |
| CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability | Automattic | WooCommerce | Medium | 4.3 | 2024-04-07 17:56:06 | Deep Dive |
| CVE-2024-31255 | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | ELEXtensions | ELEX WooCommerce Dynamic Pricing and Discounts | High | 7.1 | 2024-04-07 17:51:18 | Deep Dive |
| CVE-2024-2949 | Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' | shapedplugin | Carousel, Slider, Photo Gallery with Lightbox, Video Slider, by WP Carousel | Medium | 6.4 | 2024-04-06 06:47:19 | Deep Dive |
| CVE-2024-3216 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.2 - Missing Authorization to Unauthenticated Settings Reset | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 5.3 | 2024-04-06 03:24:44 | Deep Dive |
| CVE-2024-2656 | Icegram Express <= 5.7.14 - Authenticated (Administrator+) Cross-Site Scripting via CSV import | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 4.4 | 2024-04-06 03:24:43 | Deep Dive |
| CVE-2024-2868 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Universal Product Layout | devitemsllc | ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | Medium | 6.4 | 2024-04-04 01:56:45 | Deep Dive |
| CVE-2024-2322 | WooCommerce Cart Abandonment Recovery < 1.2.27 - Templates/Abandoned Orders Deletion via CSRF | Unknown | WooCommerce Cart Abandonment Recovery | Medium | - | 2024-04-03 05:00:02 | Deep Dive |
| CVE-2024-31109 | WordPress Woocommerce Social Media Share Buttons plugin <= 1.3.0 - CSRF to Cross Site Scripting (XSS) vulnerability | Toastie Studio | Woocommerce Social Media Share Buttons | High | 7.1 | 2024-04-02 17:31:31 | Deep Dive |