| CVE-2023-35914 | WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | Woo Subscriptions | High | 7.5 | 2023-12-20 15:18:16 | Deep Dive |
| CVE-2023-40010 | WordPress HUSKY – Products Filter for WooCommerce (formerly WOOF) Plugin <= 1.3.4.2 is vulnerable to SQL Injection | realmag777 | HUSKY – Products Filter for WooCommerce Professional | Critical | 9.3 | 2023-12-20 15:06:38 | Deep Dive |
| CVE-2023-35876 | WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Square | High | 8.1 | 2023-12-20 14:42:18 | Deep Dive |
| CVE-2023-37871 | WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | GoCardless | High | 8.2 | 2023-12-20 13:57:11 | Deep Dive |
| CVE-2023-40555 | WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection | UX-themes | Flatsome \| Multi-Purpose Responsive WooCommerce Theme | High | 8.3 | 2023-12-20 13:45:19 | Deep Dive |
| CVE-2023-48327 | WordPress WC Vendors Marketplace Plugin <= 2.4.7 is vulnerable to SQL Injection | WC Vendors | WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors | High | 7.6 | 2023-12-19 20:50:27 | Deep Dive |
| CVE-2023-38478 | WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection | CRM Perks | Integration for WooCommerce and QuickBooks | Medium | 4.7 | 2023-12-19 20:03:32 | Deep Dive |
| CVE-2023-38481 | WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection | CRM Perks | Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin | Medium | 4.7 | 2023-12-19 20:00:46 | Deep Dive |
| CVE-2023-40602 | WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection | Doofinder | Doofinder WP & WooCommerce Search | Medium | 4.7 | 2023-12-19 19:54:43 | Deep Dive |
| CVE-2023-34382 | WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection | weDevs | Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | Medium | 4.4 | 2023-12-19 19:40:58 | Deep Dive |
| CVE-2023-33331 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to SQL Injection | WooCommerce | Product Vendors | High | 8.5 | 2023-12-18 22:39:43 | Deep Dive |
| CVE-2023-49761 | WordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) | Gravity Master | Product Enquiry for WooCommerce | Medium | 5.4 | 2023-12-18 22:24:46 | Deep Dive |
| CVE-2023-49759 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) | gVectors Team | WooDiscuz – WooCommerce Comments | Medium | 5.4 | 2023-12-18 22:19:52 | Deep Dive |
| CVE-2023-48778 | WordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | VillaTheme | Product Size Chart For WooCommerce | Medium | 5.4 | 2023-12-18 22:03:38 | Deep Dive |
| CVE-2023-48773 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) | WP Doctor | WooCommerce Login Redirect | Medium | 5.4 | 2023-12-18 22:01:21 | Deep Dive |
| CVE-2023-48768 | WordPress Quantity Plus Minus Button for WooCommerce by CodeAstrology Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | CodeAstrology Team | Quantity Plus Minus Button for WooCommerce by CodeAstrology | Medium | 4.3 | 2023-12-18 21:55:05 | Deep Dive |
| CVE-2023-5348 | Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update | Unknown | Product Catalog Mode For WooCommerce | - | - | 2023-12-18 20:08:00 | Deep Dive |
| CVE-2023-47789 | WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | Canada Post Shipping Method | Medium | 4.3 | 2023-12-18 15:43:24 | Deep Dive |
| CVE-2023-47787 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | WooCommerce Bookings | Medium | 4.3 | 2023-12-18 15:30:52 | Deep Dive |
| CVE-2023-49840 | WordPress Multi Currency For WooCommerce Plugin <= 1.5.5 is vulnerable to Cross Site Request Forgery (CSRF) | Palscode | Multi Currency For WooCommerce | Medium | 4.3 | 2023-12-18 14:46:28 | Deep Dive |