| CVE-2024-2384 | WooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information Disclosure | kilbot | WCPOS – Point of Sale (POS) plugin for WooCommerce | Medium | 4.3 | 2024-03-20 02:35:42 | Deep Dive |
| CVE-2024-2387 | Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms <= 1.82.0 - SQL Injection to Reflected Cross-Site Scripting via integration_id | nasirahmed | AFI – The Easiest Integration Plugin | Medium | 6.1 | 2024-03-20 01:57:56 | Deep Dive |
| CVE-2024-29093 | WordPress Builder for WooCommerce reviews shortcodes – ReviewShort plugin <= 1.01.3 - Cross Site Request Forgery (CSRF) vulnerability | Saleswonder Team: Tobias | Builder for WooCommerce reviews shortcodes – ReviewShort | Medium | 4.3 | 2024-03-19 16:40:14 | Deep Dive |
| CVE-2024-29112 | WordPress WooCommerce Google Feed Manager plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerability | WP Marketing Robot | WooCommerce Google Feed Manager | Medium | 5.9 | 2024-03-19 15:02:29 | Deep Dive |
| CVE-2024-29116 | WordPress WooThumbs for WooCommerce by Iconic plugin <= 5.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | IconicWP | WooThumbs for WooCommerce by Iconic | High | 7.1 | 2024-03-19 14:54:17 | Deep Dive |
| CVE-2024-29121 | WordPress WooCommerce License Manager plugin <= 5.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | Firassaidi | WooCommerce License Manager | High | 7.1 | 2024-03-19 14:48:09 | Deep Dive |
| CVE-2024-27959 | WordPress APIExperts Square for WooCommerce plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability | Wpexpertsio | WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management | High | 7.1 | 2024-03-17 16:27:35 | Deep Dive |
| CVE-2024-1857 | Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure | wpswings | Ultimate Gift Cards for WooCommerce | Medium | 5.3 | 2024-03-16 08:37:16 | Deep Dive |
| CVE-2023-51486 | WordPress WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.101 - Cross Site Request Forgery (CSRF) vulnerability | RedNao | WooCommerce PDF Invoice Builder | Medium | 5.4 | 2024-03-16 01:05:46 | Deep Dive |
| CVE-2023-51369 | WordPress Customize My Account for WooCommerce plugin <= 1.8.3 - Cross Site Request Forgery (CSRF) vulnerability | SysBasics | Customize My Account for WooCommerce | Medium | 4.3 | 2024-03-15 14:19:51 | Deep Dive |
| CVE-2023-50861 | WordPress HUSKY plugin <= 1.3.4.3 - Cross Site Request Forgery (CSRF) vulnerability | realmag777 | HUSKY – Products Filter for WooCommerce (formerly WOOF) | Medium | 4.3 | 2024-03-15 14:04:38 | Deep Dive |
| CVE-2024-25596 | WordPress Doofinder for WooCommerce plugin <= 2.1.8 - Cross Site Scripting (XSS) vulnerability | Doofinder | Doofinder for WooCommerce | Medium | 5.9 | 2024-03-15 13:59:27 | Deep Dive |
| CVE-2024-1795 | HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.2 - Authenticated (Contributor+) SQL Injection | realmag777 | HUSKY – Products Filter Professional for WooCommerce | High | 8.8 | 2024-03-15 06:48:47 | Deep Dive |
| CVE-2024-1796 | HUSKY – Products Filter for WooCommerce Professional <= 1.3.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | realmag777 | HUSKY – Products Filter Professional for WooCommerce | Medium | 6.4 | 2024-03-15 06:48:45 | Deep Dive |
| CVE-2024-1668 | Avada <= 7.11.5 - Authenticated (Contributor+) Sensitive Information Exposure via Form Entries | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | Medium | 6.5 | 2024-03-13 15:32:40 | Deep Dive |
| CVE-2024-1950 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated (Contributor+) PHP Object Injection | wpwax | Product Carousel Slider & Grid Ultimate for WooCommerce | High | 7.5 | 2024-03-13 15:27:23 | Deep Dive |
| CVE-2024-1489 | SMS Alert Order Notifications – WooCommerce <= 3.6.9 - Cross-Site Request Forgery | cozyvision1 | SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | Medium | 4.3 | 2024-03-13 15:27:22 | Deep Dive |
| CVE-2024-0683 | Bulgarisation for WooCommerce <= 3.0.14 - Missing Authorization | autopolisbg | Bulgarisation for WooCommerce | High | 7.3 | 2024-03-13 15:27:13 | Deep Dive |
| CVE-2024-1537 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Data Table | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-03-13 15:27:00 | Deep Dive |
| CVE-2024-1203 | Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce <= 7.0.7 - Authenticated (Subscriber+) SQL Injection | tatvic | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | High | 8.8 | 2024-03-13 15:26:59 | Deep Dive |