| CVE-2021-4391 | Ultimate Gift Cards for WooCommerce <= 2.1.1 - Cross-Site Request Forgery Bypass | wpswings | Ultimate Gift Cards for WooCommerce | Medium | 4.3 | 2023-07-01 04:26:49 | Deep Dive |
| CVE-2020-36736 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 1.5.15 - Cross-Site Request Forgery Bypass | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 4.3 | 2023-07-01 03:30:12 | Deep Dive |
| CVE-2020-36735 | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting <= 1.6.3 - Cross-Site Request Forgery Bypass | wedevs | ERP: Complete HR, Accounting & CRM Suite with WooCommerce CRM Support | Medium | 4.3 | 2023-07-01 02:54:24 | Deep Dive |
| CVE-2023-2744 | WP ERP < 1.12.4 - Admin+ SQL Injection | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | High | - | 2023-06-27 13:17:11 | Deep Dive |
| CVE-2023-2743 | WP ERP < 1.12.4 - Reflected Cross-Site Scripting | Unknown | WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting | Medium | - | 2023-06-27 13:17:06 | Deep Dive |
| CVE-2023-29423 | WordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Cancel order request / Return order / Repeat Order / Reorder for WooCommerce | Medium | 5.9 | 2023-06-26 07:13:12 | Deep Dive |
| CVE-2023-28991 | WordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce | Medium | 5.9 | 2023-06-26 05:27:18 | Deep Dive |
| CVE-2023-28992 | WordPress Coupon Affiliates Plugin <= 5.4.3 is vulnerable to Cross Site Scripting (XSS) | Elliot Sowersby, RelyWP | Coupon Affiliates – WooCommerce Affiliate Plugin | High | 7.1 | 2023-06-26 05:21:44 | Deep Dive |
| CVE-2023-28988 | WordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce | Medium | 5.9 | 2023-06-26 05:05:12 | Deep Dive |
| CVE-2023-34170 | WordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS) | WP Overnight | Quick/Bulk Order Form for WooCommerce | Medium | 5.9 | 2023-06-22 14:26:26 | Deep Dive |
| CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | WooCommerce PayPal Payments | Medium | 4.3 | 2023-06-22 11:47:53 | Deep Dive |
| CVE-2023-35918 | WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | Bulk Stock Management | High | 7.1 | 2023-06-22 11:47:22 | Deep Dive |
| CVE-2019-25152 | Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting | tychesoftwares | Abandoned Cart Lite for WooCommerce | High | 7.2 | 2023-06-22 01:49:51 | Deep Dive |
| CVE-2023-34000 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Stripe Payment Gateway | High | 7.5 | 2023-06-14 07:30:11 | Deep Dive |
| CVE-2023-32118 | WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | WPoperation | SALERT – Fake Sales Notification WooCommerce | High | 7.1 | 2023-06-12 14:56:59 | Deep Dive |
| CVE-2023-2275 | WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API | wclovers | WCFM – Multivendor Marketplace REST API for WooCommerce | Medium | 4.3 | 2023-06-09 05:33:29 | Deep Dive |
| CVE-2023-2450 | WordPress Plugin FiboSearch - AJAX Search for WooCommerce Cross-Site Scripting Vulnerability | damian-gora | FiboSearch – Ajax Search for WooCommerce | Medium | 4.4 | 2023-06-09 05:33:23 | Deep Dive |
| CVE-2023-2986 | Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass | tychesoftwares | Abandoned Cart Lite for WooCommerce | Critical | 9.8 | 2023-06-08 01:56:23 | Deep Dive |
| CVE-2021-4379 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization | villatheme | CURCY - WooCommerce Multi Currency - Currency Switcher | Medium | 6.5 | 2023-06-07 12:43:13 | Deep Dive |
| CVE-2021-4337 | Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization | XforWooCommerce | Package Quantity Discount | High | 8.8 | 2023-06-07 12:43:07 | Deep Dive |