| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2020-36731 | Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update | wpdesk | Flexible Checkout Fields for WooCommerce – WooCommerce Checkout Manager | High | 7.2 | 2023-06-07 01:51:54 | Deep Dive |
| CVE-2019-25150 | Email Templates <= 1.3 - HTML Injection | saadiqbal | Email Templates Customizer and Designer for WordPress and WooCommerce | High | 8.8 | 2023-06-07 01:51:53 | Deep Dive |
| CVE-2019-25151 | Funnel Builder <= 1.3.0 - Arbitrary Plugin Activation | brainstormforce | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | Medium | 5.4 | 2023-06-07 01:51:52 | Deep Dive |
| CVE-2021-4376 | WooCommerce Multi Currency <= 2.1.17 - Missing Authorization | villatheme | CURCY – Multi Currency for WooCommerce – Smoothly on WooCommerce 9.x | Medium | 4.3 | 2023-06-07 01:51:46 | Deep Dive |
| CVE-2020-36725 | TI WooCommerce Wishlist <= 1.21.11 and TI WooCommerce Wishlist Pro <= 1.21.4 - Arbitrary Options Update | TemplateInvaders | TI WooCommerce Wishlist Pro | High | 8.8 | 2023-06-07 01:51:45 | Deep Dive |
| CVE-2023-3126 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Information Disclosure | webwizardsdev | B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | Medium | 4.3 | 2023-06-07 01:51:45 | Deep Dive |
| CVE-2021-4372 | WooCommerce Dynamic Pricing and Discounts <= 2.4.1 - Stored Cross-Site Scripting | RightPress | WooCommerce Dynamic Pricing and Discounts | Medium | 6.5 | 2023-06-07 01:51:41 | Deep Dive |
| CVE-2023-3125 | B2BKing <= 4.6.00 - Missing Authorization to Authenticated(Subscriber+) Price Modification | webwizardsdev | B2BKing — Ultimate WooCommerce B2B and Wholesale Plugin — Wholesale Prices, Bulk Order Form & More | Medium | 6.5 | 2023-06-07 01:51:40 | Deep Dive |
| CVE-2020-36715 | Login/Signup Popup < 1.5 - Missing Authorization | xootix | Login & Register Customizer – Popup | Slider | Inline | WooCommerce | High | 7.4 | 2023-06-07 01:51:33 | Deep Dive |
| CVE-2020-36711 | Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting | ThemeFusion | Avada | Website Builder For WordPress & WooCommerce | Medium | 6.4 | 2023-06-07 01:51:25 | Deep Dive |
| CVE-2021-4347 | Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change | zorem | Advanced Shipment Tracking for WooCommerce | Critical | 9.9 | 2023-06-07 01:51:16 | Deep Dive |
| CVE-2020-36696 | Product Input Fields for WooCommerce <= 1.2.6 - Missing Authorization | tychesoftwares | Product Input Fields for WooCommerce | High | 7.5 | 2023-06-07 01:51:10 | Deep Dive |
| CVE-2023-2833 | ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | High | 8.8 | 2023-06-06 09:33:23 | Deep Dive |
| CVE-2023-2781 | User Email Verification for WooCommerce <= 3.5.0 - Authentication Bypass | sandeepsoni214 | User Email Verification for WooCommerce | High | 8.1 | 2023-06-02 23:37:57 | Deep Dive |
| CVE-2023-2256 | Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting | Unknown | Product Addons & Fields for WooCommerce | 中危 | - | 2023-05-30 07:49:09 | Deep Dive |
| CVE-2022-45372 | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) | Codeixer | Product Gallery Slider for WooCommerce | Medium | 4.3 | 2023-05-29 00:15:46 | Deep Dive |
| CVE-2023-33332 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | WooCommerce Product Vendors | High | 7.1 | 2023-05-28 18:53:50 | Deep Dive |
| CVE-2023-33319 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS) | WooCommerce | WooCommerce Follow-Up Emails (AutomateWoo) | High | 7.1 | 2023-05-28 18:07:45 | Deep Dive |
| CVE-2023-33316 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce | WooCommerce Follow-Up Emails (AutomateWoo) | Medium | 5.4 | 2023-05-28 18:01:01 | Deep Dive |
| CVE-2023-33216 | WordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS) | gVectors Team | WooDiscuz – WooCommerce Comments | Medium | 5.9 | 2023-05-28 16:58:52 | Deep Dive |