| CVE-2024-29760 | WordPress Booster for WooCommerce plugin <= 7.1.8 - Reflected Cross Site Scripting (XSS) vulnerability | Pluggabl LLC | Booster for WooCommerce | High | 7.1 | 2024-03-27 13:16:17 | Deep Dive |
| CVE-2024-29805 | WordPress Shipping with Venipak for WooCommerce plugin <= 1.19.5 - Reflected Cross Site Scripting (XSS) vulnerability | ShopUp | Shipping with Venipak for WooCommerce | High | 7.1 | 2024-03-27 12:15:13 | Deep Dive |
| CVE-2024-29929 | WordPress WCFM plugin <= 6.7.8 - Cross Site Scripting (XSS) vulnerability | WC Lovers | WCFM – Frontend Manager for WooCommerce | Medium | 5.9 | 2024-03-27 10:04:45 | Deep Dive |
| CVE-2024-22288 | WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.4.0 - Reflected Cross Site Scripting (XSS) vulnerability | WebToffee | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | High | 7.1 | 2024-03-27 05:49:44 | Deep Dive |
| CVE-2024-24800 | WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | AdTribes.io | Product Feed PRO for WooCommerce | High | 7.1 | 2024-03-27 05:47:15 | Deep Dive |
| CVE-2024-30231 | WordPress Product Import Export for WooCommerce plugin <= 2.4.1 - Arbitrary File Upload vulnerability | WebToffee | Product Import Export for WooCommerce | Critical | 9.1 | 2024-03-26 11:58:00 | Deep Dive |
| CVE-2024-24711 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability | weDevs | WooCommerce Conversion Tracking | Medium | 4.3 | 2024-03-26 11:43:10 | Deep Dive |
| CVE-2024-24719 | WordPress Kikote plugin <= 1.8.9 - Broken Access Control vulnerability | Uriahs Victor | Location Picker at Checkout for WooCommerce | Medium | 4.3 | 2024-03-26 11:31:23 | Deep Dive |
| CVE-2024-24799 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability | WooCommerce | WooCommerce Box Office | Medium | 6.5 | 2024-03-26 11:29:24 | Deep Dive |
| CVE-2023-27608 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerability | WP Swings | Points and Rewards for WooCommerce | Medium | 6.5 | 2024-03-25 11:12:55 | Deep Dive |
| CVE-2024-1697 | Custom WooCommerce Checkout Fields Editor <= 1.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting | themelocation | Custom WooCommerce Checkout Fields Editor | Medium | 6.4 | 2024-03-23 01:57:40 | Deep Dive |
| CVE-2024-2025 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request | themekraft | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | High | 8.8 | 2024-03-23 01:57:39 | Deep Dive |
| CVE-2024-0957 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.4.1 - Unauthenticated Stored Cross-Site Scripting | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 6.1 | 2024-03-22 02:00:00 | Deep Dive |
| CVE-2022-44633 | WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability | YITH | YITH WooCommerce Gift Cards Premium | Medium | 6.5 | 2024-03-21 17:44:28 | Deep Dive |
| CVE-2023-27607 | WordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Settings Change vulnerability | WP Swings | Points and Rewards for WooCommerce | Medium | 5.4 | 2024-03-21 17:15:07 | Deep Dive |
| CVE-2024-27969 | WordPress Free Downloads WooCommerce plugin <= 3.5.8.2 - Cross Site Scripting (XSS) vulnerability | WP Enhanced | Free Downloads WooCommerce | Medium | 6.5 | 2024-03-21 15:27:01 | Deep Dive |
| CVE-2024-27994 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability | YITHEMES | YITH WooCommerce Product Add-Ons | High | 7.1 | 2024-03-21 15:03:12 | Deep Dive |
| CVE-2024-1325 | Live Sales Notification for Woocommerce – Woomotiv <= 3.4.3 - Cross-Site Request Forgery via ajax_cancel_review | delabon | Live Sales Notification for Woocommerce – Woomotiv | Medium | 4.3 | 2024-03-20 06:48:28 | Deep Dive |
| CVE-2024-1119 | Order Tip for WooCommerce <= 1.3.1 - Missing Authorization to Unauthenticated Data Export | railmedia | Order Tip for WooCommerce | Medium | 5.3 | 2024-03-20 06:48:27 | Deep Dive |
| CVE-2024-1205 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring <= 1.2.2 - Authenticated (Subscriber+) Arbitrary File Upload | israelb1 | Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring | High | 8.8 | 2024-03-20 06:48:27 | Deep Dive |