| CVE-2024-0976 | WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 6.1 | 2024-03-13 15:26:48 | Deep Dive |
| CVE-2024-1862 | WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated (Contributor+) Missing Authorization to Limited Arbitrary Options Update | forwardflip | Add to Cart Custom Redirect for WooCommerce | High | 8.1 | 2024-03-13 15:26:43 | Deep Dive |
| CVE-2024-1690 | TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds <= 1.4.10 - Missing Authorization to Authenticated (Subscriber+) User Email Export | subratamal | Wallet for WooCommerce | Medium | 4.3 | 2024-03-13 15:26:35 | Deep Dive |
| CVE-2024-1536 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Event Calendar | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | High | 7.4 | 2024-03-13 15:26:34 | Deep Dive |
| CVE-2023-7072 | Post Grid Combo – 36+ Gutenberg Blocks <= 2.2.68 - Information Exposure via get_posts API Endpoint | pickplugins | Post Grid | High | 7.5 | 2024-03-12 22:32:27 | Deep Dive |
| CVE-2024-2395 | Bulgarisation for WooCommerce <= 3.0.14 - Cross-Site Request Forgery | autopolisbg | Bulgarisation for WooCommerce | High | 7.3 | 2024-03-12 21:34:33 | Deep Dive |
| CVE-2024-1986 | Elite Booster for WooCommerce <= 7.1.7 - Authenticated (Subscriber+) Arbitrary File Upload | pluggabl | Booster Elite for WooCommerce | High | 8.8 | 2024-03-07 20:33:27 | Deep Dive |
| CVE-2024-1773 | PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection | acowebs | PDF Invoices and Packing Slips For WooCommerce | High | 8.8 | 2024-03-07 18:49:18 | Deep Dive |
| CVE-2024-1534 | Booster for WooCommerce <= 7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 6.4 | 2024-03-07 09:33:53 | Deep Dive |
| CVE-2024-1088 | Password Protected Store for WooCommerce <= 2.2 - Information Exposure via REST API | rajkakadiya | Password Protected Store for WooCommerce | Medium | 5.3 | 2024-03-05 01:56:02 | Deep Dive |
| CVE-2024-1120 | NextMove Lite – Thank You Page for WooCommerce & Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.17.0 - Missing Authorization to Unauthenticated System Information Disclosure | djeet | Finale Lite – Sales Countdown Timer & Discount for WooCommerce | Medium | 5.3 | 2024-03-01 09:31:41 | Deep Dive |
| CVE-2023-6090 | WordPress Mollie Payments for WooCommerce Plugin <= 7.3.11 is vulnerable to Arbitrary File Upload | Mollie | Mollie Payments for WooCommerce | Critical | 9.1 | 2024-02-29 05:23:57 | Deep Dive |
| CVE-2024-1468 | Avada \| Website Builder For WordPress & WooCommerce <= 7.11.4 - Authenticated (Contributor+) Arbitrary File Upload | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | High | 8.8 | 2024-02-29 03:30:30 | Deep Dive |
| CVE-2023-51692 | WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control | CusRev | Customer Reviews for WooCommerce | Medium | 4.3 | 2024-02-28 18:49:02 | Deep Dive |
| CVE-2023-52223 | WordPress MailerLite – WooCommerce integration Plugin <= 2.0.8 is vulnerable to Cross Site Request Forgery (CSRF) | MailerLite | MailerLite – WooCommerce integration | Medium | 5.4 | 2024-02-28 16:37:20 | Deep Dive |
| CVE-2024-25930 | WordPress Custom Order Statuses for WooCommerce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | Nuggethon | Custom Order Statuses for WooCommerce | Medium | 4.3 | 2024-02-28 13:17:45 | Deep Dive |
| CVE-2024-0767 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:13 | Deep Dive |
| CVE-2024-0786 | Conversios <= 7.0.7 - Authenticated (Subscriber+) SQL Injection via ee_syncProductCategory | tatvic | Conversios: Google Analytics (GA4), Google Ads, Conversion and Analytics Tracking for Multi-Channels | High | 8.8 | 2024-02-28 08:33:13 | Deep Dive |
| CVE-2024-0766 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Missing Authorization via templates_ajax_request | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:11 | Deep Dive |
| CVE-2024-1954 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.1.8 - Cross-Site Request Forgery | oliverpos | Oliver POS – A WooCommerce Point of Sale (POS) | Medium | 6.3 | 2024-02-28 08:33:11 | Deep Dive |