woocommerce — Vulnerabilities & Security Advisories (18)

All 18 CVE vulnerabilities found in woocommerce, with AI-generated Chinese analysis, references, and POCs.

Vendor: Automattic

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3589 | WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF | 8.8 | - | 2026-03-06 |
| CVE-2025-15033 | WooCommerce - Subscriber/Customer+ Order Data Disclosure | 4.3 (AI) | Medium (AI) | 2025-12-22 |
| CVE-2023-7320 | WooCommerce <= 7.8.2 - Sensitive Information Exposure (CWE-200) | 5.3 | Medium | 2025-10-29 |
| CVE-2025-49042 | WordPress WooCommerce plugin <= 10.0.2 - Cross Site Scripting (XSS) vulnerability (CWE-79) | 5.9 | Medium | 2025-10-29 |
| CVE-2025-5062 | WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting (CWE-79) | 6.1 | Medium | 2025-05-22 |
| CVE-2025-26762 | WordPress WooCommerce plugin <= 9.7.0 - Cross Site Scripting (XSS) vulnerability (CWE-79) | 5.9 | Medium | 2025-03-27 |
| CVE-2024-9944 | WooCommerce <= 9.0.2 - Unauthenticated HTML Injection (CWE-79) | 5.3 | Medium | 2024-10-15 |
| CVE-2024-39666 | WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability (CWE-79) | 5.9 | Medium | 2024-08-18 |
| CVE-2024-35777 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability (CWE-74) | 3.5 | Low | 2024-07-09 |
| CVE-2024-37297 | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms (CWE-79) | 5.4 | Medium | 2024-06-12 |
| CVE-2024-1310 | WooCommerce < 8.6 - Contributor+ Private/Draft Products Access | 4.3 (AI) | Medium (AI) | 2024-04-15 |
| CVE-2024-22155 | WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability (CWE-352) | 4.3 | Medium | 2024-04-07 |
| CVE-2022-0775 | WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion | 4.3 | - | 2024-01-16 |
| CVE-2023-52222 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) (CWE-352) | 4.3 | Medium | 2024-01-08 |
| CVE-2023-47777 | WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability (CWE-79) | 6.5 | Medium | 2023-11-30 |
| CVE-2022-2099 | WooCommerce < 6.6.0 - Admin+ Stored HTML Injection | 5.4 | - | 2022-07-17 |
| CVE-2021-32790 | Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint (CWE-89) | 4.9 | Medium | 2021-07-26 |
| CVE-2021-24323 | Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS) (CWE-79) | 4.8 | - | 2021-05-17 |