| CVE-2024-0610 | Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection | enartia | Piraeus Bank WooCommerce Payment Gateway | Critical | 9.8 | 2024-02-17 07:36:59 | Deep Dive |
| CVE-2024-23512 | WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection | wpxpo | ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks | High | 8.7 | 2024-02-12 08:22:30 | Deep Dive |
| CVE-2024-24796 | WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin | High | 8.2 | 2024-02-12 07:47:08 | Deep Dive |
| CVE-2023-51480 | WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS) | realmag777 | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store | Medium | 6.5 | 2024-02-10 08:34:01 | Deep Dive |
| CVE-2023-51485 | WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS) | WP Hosting | Pay with Vipps and MobilePay for WooCommerce | Medium | 6.5 | 2024-02-10 08:30:34 | Deep Dive |
| CVE-2024-1122 | Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export | arraytics | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | Medium | 5.3 | 2024-02-09 04:31:54 | Deep Dive |
| CVE-2024-24834 | WordPress BEAR Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) | realmag777 | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net | Medium | 5.9 | 2024-02-08 13:13:18 | Deep Dive |
| CVE-2024-24878 | WordPress Portugal CTT Tracking for WooCommerce plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | Marco Almeida | Webdados | Portugal CTT Tracking for WooCommerce | High | 7.1 | 2024-02-08 12:58:39 | Deep Dive |
| CVE-2024-24881 | WordPress WP SMS Plugin <= 6.5.2 is vulnerable to Cross Site Scripting (XSS) | VeronaLabs | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | High | 7.1 | 2024-02-08 11:19:22 | Deep Dive |
| CVE-2024-24885 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) | Lê Văn Toản | Woocommerce Vietnam Checkout | Medium | 5.9 | 2024-02-08 11:16:49 | Deep Dive |
| CVE-2024-24886 | WordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS) | Acowebs | Product Labels For Woocommerce (Sale Badges) | Medium | 5.9 | 2024-02-08 10:46:28 | Deep Dive |
| CVE-2024-0586 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scritping | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-02-05 21:22:01 | Deep Dive |
| CVE-2024-0954 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-02-05 21:21:53 | Deep Dive |
| CVE-2024-0796 | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | Medium | 4.3 | 2024-02-05 21:21:44 | Deep Dive |
| CVE-2024-0585 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image URl | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 5.4 | 2024-02-05 21:21:41 | Deep Dive |
| CVE-2024-0797 | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Missing Authorization | realmag777 | Active Products Tables for WooCommerce. Use constructor to create tables | Medium | 4.3 | 2024-02-05 21:21:33 | Deep Dive |
| CVE-2024-24841 | WordPress Add Customer for WooCommerce Plugin <= 1.7 is vulnerable to Cross Site Scripting (XSS) | Dan's Art | Add Customer for WooCommerce | Medium | 5.9 | 2024-02-05 06:27:52 | Deep Dive |
| CVE-2023-51669 | WordPress Product Code for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | Artios Media | Product Code for WooCommerce | Medium | 6.5 | 2024-02-01 10:19:56 | Deep Dive |
| CVE-2024-22153 | WordPress Stock Locations for WooCommerce Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) | Fahad Mahmood & Alexandre Faustino | Stock Locations for WooCommerce | Medium | 5.9 | 2024-01-31 18:21:17 | Deep Dive |
| CVE-2024-22147 | WordPress WooCommerce PDF Invoices & Packing Slips Plugin <= 3.7.5 is vulnerable to SQL Injection | WP Overnight | PDF Invoices & Packing Slips for WooCommerce | High | 7.6 | 2024-01-26 23:15:03 | Deep Dive |