| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-35918 | WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | Bulk Stock Management | High | 7.1 | 2023-06-22 11:47:22 | Deep Dive |
| CVE-2019-25152 | Abandoned Cart Lite for WooCommerce < 5.2.0 and Abandoned Cart Pro for WooCommerce < 7.13.0 - Stored Cross-Site Scripting | tychesoftwares | Abandoned Cart Lite for WooCommerce | High | 7.2 | 2023-06-22 01:49:51 | Deep Dive |
| CVE-2023-34000 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce | WooCommerce Stripe Payment Gateway | High | 7.5 | 2023-06-14 07:30:11 | Deep Dive |
| CVE-2023-32118 | WordPress SALERT Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) | WPoperation | SALERT – Fake Sales Notification WooCommerce | High | 7.1 | 2023-06-12 14:56:59 | Deep Dive |
| CVE-2023-2275 | WooCommerce Multivendor Marketplace – REST API <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Order/Order Note Disclosure, Order Note Addition via REST API | wclovers | WCFM – Multivendor Marketplace REST API for WooCommerce | Medium | 4.3 | 2023-06-09 05:33:29 | Deep Dive |
| CVE-2023-2450 | WordPress Plugin FiboSearch - AJAX Search for WooCommerce Cross-Site Scripting Vulnerability | damian-gora | FiboSearch – Ajax Search for WooCommerce | Medium | 4.4 | 2023-06-09 05:33:23 | Deep Dive |
| CVE-2023-2986 | Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass | tychesoftwares | Abandoned Cart Lite for WooCommerce | Critical | 9.8 | 2023-06-08 01:56:23 | Deep Dive |
| CVE-2021-4379 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization | villatheme | CURCY - WooCommerce Multi Currency - Currency Switcher | Medium | 6.5 | 2023-06-07 12:43:13 | Deep Dive |
| CVE-2021-4337 | Multiple XforWooCommerce Add-On Plugins (Various Versions) - Missing Authorization | XforWooCommerce | Package Quantity Discount | High | 8.8 | 2023-06-07 12:43:07 | Deep Dive |
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update | wpdesk | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | High | 7.2 | 2023-06-07 01:51:54 | Deep Dive |
| CVE-2019-25150 | Email Templates <= 1.3 - HTML Injection | saadiqbal | Email Templates Customizer and Designer for WordPress and WooCommerce | High | 8.8 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2019-25151 | Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 5.4 | 2023-06-07 01:51:52 | Deep Dive |
| CVE-2021-4376 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization | villatheme | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | Medium | 4.3 | 2023-06-07 01:51:46 | Deep Dive |
| CVE-2020-36725 | TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update | TemplateInvaders | TI WooCommerce Wishlist Pro | High | 8.8 | 2023-06-07 01:51:45 | Deep Dive |
| CVE-2023-3126 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure | webwizardsdev | B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | Medium | 4.3 | 2023-06-07 01:51:45 | Deep Dive |
| CVE-2021-4372 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting | RightPress | WooCommerce Dynamic Pricing and Discounts | Medium | 6.5 | 2023-06-07 01:51:41 | Deep Dive |
| CVE-2023-3125 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification | webwizardsdev | B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | Medium | 6.5 | 2023-06-07 01:51:40 | Deep Dive |
| CVE-2020-36715 | Login/Signup Popup < 1.5 - Missing Authorization | xootix | Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | High | 7.4 | 2023-06-07 01:51:33 | Deep Dive |
| CVE-2020-36711 | Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting | ThemeFusion | Avada \| Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2023-06-07 01:51:25 | Deep Dive |
| CVE-2021-4347 | Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change | zorem | Advanced Shipment Tracking for WooCommerce | Critical | 9.9 | 2023-06-07 01:51:16 | Deep Dive |