| CVE-2023-4423 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting | wpeventmanager | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | Medium | 4.4 | 2023-09-27 03:03:01 | Deep Dive |
| CVE-2023-3547 | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF | Unknown | All in One B2B for WooCommerce | 高危 | - | 2023-09-25 15:56:56 | Deep Dive |
| CVE-2023-41874 | WordPress Order Delivery Date for WooCommerce Plugin <= 3.20.0 is vulnerable to Cross Site Scripting (XSS) | Tyche Softwares | Order Delivery Date for WooCommerce | High | 7.1 | 2023-09-25 00:43:00 | Deep Dive |
| CVE-2023-4376 | Serial Codes Generator and Validator with WooCommerce Support < 2.4.15 - Admin+ Stored XSS | Unknown | Serial Codes Generator and Validator with WooCommerce Support | 中危 | - | 2023-09-19 19:06:03 | Deep Dive |
| CVE-2023-4948 | WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update | Yan&Co | WooCommerce CVR Payment Gateway | Medium | 4.3 | 2023-09-14 03:24:08 | Deep Dive |
| CVE-2023-4945 | Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | pluggabl | Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | Medium | 6.4 | 2023-09-14 02:29:51 | Deep Dive |
| CVE-2023-4216 | Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read | Unknown | Orders Tracking for WooCommerce | 低危 | - | 2023-09-04 11:27:03 | Deep Dive |
| CVE-2023-32296 | WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) | Kangu | Kangu para WooCommerce | High | 7.1 | 2023-09-04 11:12:07 | Deep Dive |
| CVE-2023-39162 | WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS) | XLPlugins | User Email Verification for WooCommerce | High | 7.1 | 2023-09-04 09:46:44 | Deep Dive |
| CVE-2023-3764 | WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 4.3 | 2023-08-31 05:33:14 | Deep Dive |
| CVE-2023-4160 | WooCommerce PDF Invoice Builder <= 1.2.90 - Authenticated (Administrator+) Cross-Site Scripting | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 4.4 | 2023-08-31 05:33:10 | Deep Dive |
| CVE-2023-3162 | Stripe Payment Plugin for WooCommerce <= 3.7.7 - Authentication Bypass | themehigh | Payment Gateway of Stripe for WooCommerce | Critical | 9.8 | 2023-08-31 05:33:07 | Deep Dive |
| CVE-2023-3677 | WooCommerce PDF Invoice Builder <= 1.2.89 - Authenticated (Subscriber+) SQL Injection via Export | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | High | 8.8 | 2023-08-31 05:33:07 | Deep Dive |
| CVE-2023-4161 | WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 4.3 | 2023-08-31 05:33:06 | Deep Dive |
| CVE-2023-4245 | WooCommerce PDF Invoice Builder <= 1.2.89 - Missing Authorization to Sensitive Information Exposure | edgarrojas | PDF Builder for WooCommerce. Create invoices,packing slips and more | Medium | 4.3 | 2023-08-31 05:33:04 | Deep Dive |
| CVE-2023-28415 | WordPress Side Cart Woocommerce (Ajax) Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS) | XootiX | Side Cart Woocommerce (Ajax) | Medium | 5.9 | 2023-08-30 15:31:01 | Deep Dive |
| CVE-2023-34004 | WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | WooCommerce Box Office | Medium | 6.5 | 2023-08-30 14:56:06 | Deep Dive |
| CVE-2023-34184 | WordPress Woocommerce Order address Print Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS) | Bhavik Patel | Woocommerce Order address Print | High | 7.1 | 2023-08-30 13:28:58 | Deep Dive |
| CVE-2023-33317 | WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | Returns and Warranty Requests | High | 7.1 | 2023-08-30 12:29:05 | Deep Dive |
| CVE-2023-32962 | WordPress WishSuite Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) | HasTheme | WishSuite – Wishlist for WooCommerce | Medium | 5.9 | 2023-08-30 11:56:06 | Deep Dive |