| CVE-2023-50892 | WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS) | CodexThemes | TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme | High | 7.1 | 2023-12-29 11:15:38 | Deep Dive |
| CVE-2023-50893 | WordPress UpSolution Core Plugin <= 8.17.4 is vulnerable to Cross Site Scripting (XSS) | UpSolution | Impreza – WordPress Website and WooCommerce Builder | High | 7.1 | 2023-12-29 11:12:36 | Deep Dive |
| CVE-2023-50853 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection | Nasirahmed | Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms | High | 7.6 | 2023-12-28 11:25:44 | Deep Dive |
| CVE-2023-50856 | WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection | FunnelKit | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits | High | 7.6 | 2023-12-28 11:01:04 | Deep Dive |
| CVE-2023-50857 | WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection | FunnelKit | Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit | High | 7.6 | 2023-12-28 10:57:47 | Deep Dive |
| CVE-2023-27447 | WordPress WP SMS Plugin <= 6.0.4 is vulnerable to Sensitive Data Exposure | VeronaLabs | WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc | Medium | 5.3 | 2023-12-28 10:53:55 | Deep Dive |
| CVE-2023-32795 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection | WooCommerce | Product Add-Ons | High | 8.2 | 2023-12-28 10:43:07 | Deep Dive |
| CVE-2023-51501 | WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) | Undsgn | Uncode - Creative & WooCommerce WordPress Theme | High | 7.1 | 2023-12-28 09:56:28 | Deep Dive |
| CVE-2023-32799 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | Shipping Multiple Addresses | Medium | 6.5 | 2023-12-21 18:22:30 | Deep Dive |
| CVE-2023-32747 | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Bookings | Medium | 5.4 | 2023-12-21 18:18:28 | Deep Dive |
| CVE-2023-50834 | WordPress WooCommerce Menu Extension Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS) | August Infotech | WooCommerce Menu Extension | Medium | 6.5 | 2023-12-21 18:14:32 | Deep Dive |
| CVE-2023-50831 | WordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) | VillaTheme | CURCY – Multi Currency for WooCommerce | Medium | 6.5 | 2023-12-21 17:20:50 | Deep Dive |
| CVE-2022-45377 | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities | Glen Don L. Mongaya | Drag and Drop Multiple File Upload for WooCommerce | Medium | 6.5 | 2023-12-21 13:06:33 | Deep Dive |
| CVE-2023-32242 | WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection | xTemos | WoodMart - Multipurpose WooCommerce Theme | Critical | 9.8 | 2023-12-21 13:03:01 | Deep Dive |
| CVE-2023-49826 | WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection | PenciDesign | Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme | High | 8.1 | 2023-12-21 12:34:52 | Deep Dive |
| CVE-2023-33318 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload | WooCommerce | AutomateWoo | Critical | 9.9 | 2023-12-20 18:53:33 | Deep Dive |
| CVE-2023-26525 | WordPress Dokan Plugin <= 3.7.12 is vulnerable to SQL Injection | weDevs | Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | High | 7.1 | 2023-12-20 17:27:23 | Deep Dive |
| CVE-2023-32743 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to SQL Injection | WooCommerce | AutomateWoo | High | 7.6 | 2023-12-20 15:55:23 | Deep Dive |
| CVE-2023-33330 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection | WooCommerce | AutomateWoo | High | 8.5 | 2023-12-20 15:44:45 | Deep Dive |
| CVE-2023-49825 | WordPress Soledad Theme <= 8.4.1 is vulnerable to SQL Injection | PenciDesign | Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme | High | 8.5 | 2023-12-20 15:38:27 | Deep Dive |