| CVE-2024-0431 | Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_set_default_card | easynolo | Ecommerce Fabrick | Medium | 4.3 | 2024-02-28 08:33:10 | Deep Dive |
| CVE-2024-0432 | Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_delete_card | easynolo | Ecommerce Fabrick | Medium | 4.3 | 2024-02-28 08:33:09 | Deep Dive |
| CVE-2024-0768 | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation | envothemes | Envo's Templates & Widgets for Elementor and WooCommerce | Medium | 4.3 | 2024-02-28 08:33:09 | Deep Dive |
| CVE-2024-0433 | Gestpay for WooCommerce <= 20221130 - Cross-Site Request Forgery (CSRF) via ajax_unset_default_card | easynolo | Ecommerce Fabrick | Medium | 4.3 | 2024-02-28 08:33:07 | Deep Dive |
| CVE-2024-1687 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution | villatheme | Thank You Page Customizer for WooCommerce – Increase Your Sales | Medium | 5.4 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2024-1698 | NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Critical | 9.8 | 2024-02-27 05:33:12 | Deep Dive |
| CVE-2024-1686 | Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export | villatheme | Thank You Page Customizer for WooCommerce – Increase Your Sales | Medium | 4.3 | 2024-02-27 05:33:11 | Deep Dive |
| CVE-2024-1436 | WordPress WooCommerce Coupon Popup, SmartBar, Slide In \| MyShopKit Plugin <= 1.0.9 is vulnerable to Sensitive Data Exposure | Wiloke | WooCommerce Coupon Popup, SmartBar, Slide In \| MyShopKit | Medium | 5.3 | 2024-02-26 15:55:27 | Deep Dive |
| CVE-2024-25925 | WordPress WooCommerce Easy Checkout Field Editor, Fees & Discounts Plugin <= 3.5.12 is vulnerable to Arbitrary File Upload | SYSBASICS | WooCommerce Easy Checkout Field Editor, Fees & Discounts | Critical | 10.0 | 2024-02-26 15:09:16 | Deep Dive |
| CVE-2024-1758 | SuperFaktura WooCommerce <= 1.40.3 - Authenticated (Subscriber+) Blind Server-Side Request Forgery | superfaktura | SuperFaktura WooCommerce | Medium | 5.4 | 2024-02-24 08:38:25 | Deep Dive |
| CVE-2024-24837 | Cross-Site Request Forgery (CSRF) vulnerability in FG PrestaShop, FG Drupal and FG Joomla WordPress plugins | Frédéric GILLES | FG PrestaShop to WooCommerce | Medium | 4.3 | 2024-02-21 07:18:55 | Deep Dive |
| CVE-2024-1562 | WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization | westerndeal | GSheetConnector for WooCommerce – Send your Orders and Products to Google Sheet in Real-Time | Medium | 5.3 | 2024-02-21 03:36:01 | Deep Dive |
| CVE-2024-1171 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-20 18:56:51 | Deep Dive |
| CVE-2024-1172 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-20 18:56:50 | Deep Dive |
| CVE-2024-0821 | Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce <= 3.2.8 - Reflected Cross-Site Scripting | wpcodefactory | Cost of Goods: Product Cost & Profit Calculator for WooCommerce | Medium | 6.1 | 2024-02-20 18:56:47 | Deep Dive |
| CVE-2024-0702 | Oliver POS – A WooCommerce Point of Sale (POS) <= 2.4.2.1 - Missing Authorization | oliverpos | Oliver POS – A WooCommerce Point of Sale (POS) | High | 7.3 | 2024-02-20 18:56:43 | Deep Dive |
| CVE-2024-1054 | Booster for WooCommerce <= 7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 6.4 | 2024-02-20 18:56:43 | Deep Dive |
| CVE-2024-1276 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-02-20 18:56:40 | Deep Dive |
| CVE-2024-1044 | Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review | ivole | Customer Reviews for WooCommerce | Medium | 5.3 | 2024-02-20 18:56:28 | Deep Dive |
| CVE-2024-1236 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-02-20 18:56:28 | Deep Dive |