| CVE-2022-47449 | WordPress Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) | RexTheme | Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD | High | 7.1 | 2023-05-04 20:18:34 | Deep Dive |
| CVE-2023-28121 | WordPress plugin WooCommerce Payments 授权问题漏洞 | - | WooCommerce Payments WordPress Plugin | 超危 | - | 2023-04-12 00:00:00 | Deep Dive |
| CVE-2023-29170 | WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Product Enquiry for WooCommerce, WooCommerce product catalog | Medium | 5.9 | 2023-04-07 14:35:55 | Deep Dive |
| CVE-2023-29094 | WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS) | PI Websolution | Product page shipping calculator for WooCommerce | Medium | 5.9 | 2023-04-07 12:59:30 | Deep Dive |
| CVE-2022-46793 | WordPress Product Feed PRO for WooCommerce Plugin <= 12.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | AdTribes.io | Product Feed PRO for WooCommerce | Medium | 5.4 | 2023-04-06 12:44:09 | Deep Dive |
| CVE-2022-4941 | WCFM Membership <= 2.9.10 - Cross-Site Request Forgery | wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | Medium | 6.3 | 2023-04-05 18:00:49 | Deep Dive |
| CVE-2022-4940 | WCFM Membership <= 2.10.0 - Missing Authorization | wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | High | 7.3 | 2023-04-05 18:00:40 | Deep Dive |
| CVE-2022-4939 | WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation | wclovers | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | Critical | 9.8 | 2023-04-05 18:00:30 | Deep Dive |
| CVE-2022-4938 | WCFM Frontend Manager <= 6.5.13 - Cross-Site Request Forgery | wclovers | WCFM – Frontend Manager for WooCommerce | Medium | 6.3 | 2023-04-05 17:40:32 | Deep Dive |
| CVE-2022-4937 | WordPress plugin Frontend Manager 安全漏洞 | wclovers | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible | Medium | 6.3 | 2023-04-05 17:40:18 | Deep Dive |
| CVE-2022-4936 | WCFM Marketplace <= 3.4.12 - Cross-Site Request Forgery | wclovers | WCFM Marketplace – Multivendor Marketplace for WooCommerce | Medium | 6.3 | 2023-04-05 17:27:54 | Deep Dive |
| CVE-2022-4935 | WCFM Marketplace <= 3.4.11 - Missing Authorization | wclovers | WCFM Marketplace – Multivendor Marketplace for WooCommerce | High | 8.8 | 2023-04-05 17:27:40 | Deep Dive |
| CVE-2023-0503 | Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF | Unknown | Free WooCommerce Theme 99fy Extension | 中危 | - | 2023-03-27 15:37:31 | Deep Dive |
| CVE-2022-46843 | WordPress Woocommerce Vietnam Checkout Plugin <= 2.0.4 is vulnerable to Cross Site Scripting (XSS) | Le Van Toan | Woocommerce Vietnam Checkout | High | 7.1 | 2023-03-27 13:55:41 | Deep Dive |
| CVE-2022-47173 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS) | nasirahmed | Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration | Medium | 5.9 | 2023-03-23 15:57:30 | Deep Dive |
| CVE-2022-47589 | WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS) | this.functional | CTT Expresso para WooCommerce | Medium | 5.9 | 2023-03-23 14:48:01 | Deep Dive |
| CVE-2023-28422 | WordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS) | MagePeople Team | Event Manager and Tickets Selling Plugin for WooCommerce | Medium | 5.9 | 2023-03-23 11:45:08 | Deep Dive |
| CVE-2023-0865 | WooCommerce Multiple Customer Addresses & Shipping < 21.7 - Arbitrary Address Creation/Deletion/Access/Update via IDOR | Unknown | WooCommerce Multiple Customer Addresses & Shipping | 高危 | - | 2023-03-20 15:52:15 | Deep Dive |
| CVE-2022-47154 | WordPress CSS JS Manager Plugin <= 2.4.49 is vulnerable to Cross Site Request Forgery (CSRF) | Pi Websolution | CSS JS Manager, Async JavaScript, Defer Render Blocking CSS supports WooCommerce | Medium | 4.3 | 2023-03-14 07:11:41 | Deep Dive |
| CVE-2022-4661 | Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode | Unknown | Widgets for WooCommerce Products on Elementor | 中危 | - | 2023-03-13 16:03:35 | Deep Dive |