| CVE-2023-6556 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.1.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | realmag777 | FOX – Currency Switcher Professional for WooCommerce | Medium | 5.4 | 2024-01-11 08:32:46 | Deep Dive |
| CVE-2023-6979 | Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload | ivole | Customer Reviews for WooCommerce | High | 8.8 | 2024-01-11 08:32:34 | Deep Dive |
| CVE-2022-34344 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control | Rymera Web Co | Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More | Medium | 5.4 | 2024-01-08 21:13:45 | Deep Dive |
| CVE-2023-51408 | WordPress WP Optin Wheel Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure | StudioWombat | WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce | Medium | 5.3 | 2024-01-08 20:36:04 | Deep Dive |
| CVE-2023-5957 | Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution | Unknown | Ni Purchase Order(PO) For WooCommerce | - | - | 2024-01-08 19:00:32 | Deep Dive |
| CVE-2023-52222 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) | Automattic | WooCommerce | Medium | 4.3 | 2024-01-08 18:53:05 | Deep Dive |
| CVE-2023-52215 | WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to SQL Injection | UkrSolution | Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce | Critical | 9.3 | 2024-01-08 17:42:11 | Deep Dive |
| CVE-2023-52218 | WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection | Anton Bond | Woocommerce Tranzila Payment Gateway | Critical | 10.0 | 2024-01-08 17:34:20 | Deep Dive |
| CVE-2024-21745 | WordPress Laybuy Payment Extension for WooCommerce Plugin <= 5.3.9 is vulnerable to Cross Site Scripting (XSS) | Laybuy | Laybuy Payment Extension for WooCommerce | Medium | 6.5 | 2024-01-08 16:51:34 | Deep Dive |
| CVE-2024-21747 | WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection | weDevs | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | High | 7.6 | 2024-01-08 16:48:10 | Deep Dive |
| CVE-2023-51678 | WordPress Doofinder for WooCommerce Plugin <= 2.0.33 is vulnerable to Broken Access Control | Doofinder | Doofinder WP & WooCommerce Search | Medium | 4.3 | 2024-01-05 10:00:54 | Deep Dive |
| CVE-2023-52127 | WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) | WPClever | WPC Product Bundles for WooCommerce | Medium | 4.3 | 2024-01-05 08:52:47 | Deep Dive |
| CVE-2023-51502 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Stripe Payment Gateway | High | 7.5 | 2024-01-05 07:56:32 | Deep Dive |
| CVE-2023-7044 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2024-01-04 09:31:04 | Deep Dive |
| CVE-2024-0201 | Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | webcodingplace | Product Expiry for WooCommerce | Medium | 5.4 | 2024-01-03 09:31:52 | Deep Dive |
| CVE-2023-7068 | WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels <= 4.3.0 - Missing Authorization to Order Export | webtoffee | WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes & Shipping Labels | Medium | 4.3 | 2024-01-03 08:29:48 | Deep Dive |
| CVE-2023-6980 | WP SMS <= 6.5 - Cross-Site Request Forgery to Subscriber Deletion | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 4.3 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-6981 | WP SMS <= 6.5 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting | veronalabs | WSMS (formerly WP SMS) – SMS & MMS Notifications with OTP and 2FA for WooCommerce | Medium | 6.1 | 2024-01-03 05:31:19 | Deep Dive |
| CVE-2023-49777 | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection | YITH | YITH WooCommerce Product Add-Ons | Critical | 9.1 | 2023-12-31 10:11:31 | Deep Dive |
| CVE-2023-51505 | WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to PHP Object Injection | realmag777 | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store | Critical | 10.0 | 2023-12-29 12:51:57 | Deep Dive |