| CVE-2021-4414 | Abandoned Cart Lite for WooCommerce <= 5.8.5 - Cross-Site Request Forgery Bypass | tychesoftwares | Abandoned Cart Lite for WooCommerce | Medium | 4.3 | 2023-07-12 03:40:44 | Deep Dive |
| CVE-2021-4409 | WooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery Bypass | purpleturtlepro | Etsy Integration For WooCommerce | Medium | 4.3 | 2023-07-12 03:02:03 | Deep Dive |
| CVE-2023-35091 | WordPress WooCommerce Stock Manager Plugin <= 2.10.0 is vulnerable to Cross Site Request Forgery (CSRF) | StoreApps | Stock Manager for WooCommerce | Medium | 4.3 | 2023-07-11 12:45:57 | Deep Dive |
| CVE-2023-34015 | WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | PI Websolution | Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping | Medium | 5.4 | 2023-07-11 08:36:04 | Deep Dive |
| CVE-2023-35912 | WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF) | WP Zone | Potent Donations for WooCommerce | Medium | 4.3 | 2023-07-10 15:47:34 | Deep Dive |
| CVE-2020-36748 | Dokan <= 3.0.8 - Cross-Site Request Forgery Bypass | dokaninc | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy | Medium | 4.3 | 2023-07-01 05:33:29 | Deep Dive |
| CVE-2021-4395 | Abandoned Cart Recovery for WooCommerce <= 1.0.4 - Cross-Site Request Forgery Bypass | villatheme | Abandoned Cart Recovery for WooCommerce | Medium | 4.3 | 2023-07-01 05:33:24 | Deep Dive |
| CVE-2020-36744 | NotificationX <= 1.8.2 - Cross-Site Request Forgery Bypass | wpdevteam | NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | Medium | 4.3 | 2023-07-01 04:26:51 | Deep Dive |
| CVE-2020-36741 | MultiVendorX – MultiVendor Marketplace Solution For WooCommerce <= 3.5.7 - Cross-Site Request Forgery Bypass | wcmp | MultiVendorX – WooCommerce Multivendor Marketplace Solutions | Medium | 4.3 | 2023-07-01 04:26:49 | Deep Dive |
| CVE-2021-4391 | Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass | wpswings | Ultimate Gift Cards for WooCommerce | Medium | 4.3 | 2023-07-01 04:26:49 | Deep Dive |
| CVE-2020-36736 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 4.3 | 2023-07-01 03:30:12 | Deep Dive |
| CVE-2020-36735 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass | wedevs | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | Medium | 4.3 | 2023-07-01 02:54:24 | Deep Dive |
| CVE-2023-2744 | WP ERP < 1.12.4 - Admin+ SQL Injection | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | High | - | 2023-06-27 13:17:11 | Deep Dive |
| CVE-2023-2743 | WP ERP < 1.12.4 - Reflected Cross-Site Scripting | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | Medium | - | 2023-06-27 13:17:06 | Deep Dive |
| CVE-2023-29423 | WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Cancel order request / Return order / Repeat Order / Reorder for WooCommerce | Medium | 5.9 | 2023-06-26 07:13:12 | Deep Dive |
| CVE-2023-28991 | WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce | Medium | 5.9 | 2023-06-26 05:27:18 | Deep Dive |
| CVE-2023-28992 | WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS) | Elliot Sowersby, RelyWP | Coupon Affiliates – WooCommerce Affiliate Plugin | High | 7.1 | 2023-06-26 05:21:44 | Deep Dive |
| CVE-2023-28988 | WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce | Medium | 5.9 | 2023-06-26 05:05:12 | Deep Dive |
| CVE-2023-34170 | WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | WP Overnight | Quick/Bulk Order Form for WooCommerce | Medium | 5.9 | 2023-06-22 14:26:26 | Deep Dive |
| CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | WooCommerce PayPal Payments | Medium | 4.3 | 2023-06-22 11:47:53 | Deep Dive |