
woocommerce — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting woocommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1710 | WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax — WooPayments: Integrated WooCommerce Payments (CWE-285) | 6.5 | Medium | 2026-03-31 |
| CVE-2025-13457 | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id — WooCommerce Square (CWE-639) | 7.5 | High | 2026-01-10 |
| CVE-2024-10486 | Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File — Google for WooCommerce (CWE-862) | 5.3 | Medium | 2024-11-18 |
| CVE-2020-36841 | WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation — WooCommerce Smart Coupons (CWE-285) | 5.3 | Medium | 2024-10-16 |
| CVE-2017-20193 | Product Vendors <= 2.0.35 - Reflected Cross Site Scripting — Product Vendors (CWE-79) | 4.7 | Medium | 2024-10-16 |
| CVE-2023-35049 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability — WooCommerce Stripe Payment Gateway (CWE-862) | 7.5 | High | 2024-06-19 |
| CVE-2024-37297 | WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms — woocommerce (CWE-79) | 5.4 | Medium | 2024-06-12 |
| CVE-2023-35881 | WordPress WooCommerce One Page Checkout plugin <= 2.3.0 - Local File Inclusion vulnerability — WooCommerce One Page Checkout (CWE-22) | 7.6 | High | 2024-05-17 |
| CVE-2023-51499 | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability — WooCommerce Shipping Per Product (CWE-862) | 4.3 | Medium | 2024-04-12 |
| CVE-2023-44999 | WordPress WooCommerce Stripe Gateway plugin <= 7.6.0 - Cross Site Request Forgery (CSRF) vulnerability — WooCommerce Stripe Payment Gateway (CWE-352) | 5.4 | Medium | 2024-03-27 |
| CVE-2024-24799 | WordPress WooCommerce Box Office plugin <= 1.2.2 - Broken Access Control vulnerability — WooCommerce Box Office (CWE-862) | 6.5 | Medium | 2024-03-26 |
| CVE-2023-51502 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR) — WooCommerce Stripe Payment Gateway (CWE-639) | 7.5 | High | 2024-01-05 |
| CVE-2023-32795 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection — Product Add-Ons (CWE-502) | 8.2 | High | 2023-12-28 |
| CVE-2023-32799 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR) — Shipping Multiple Addresses (CWE-639) | 6.5 | Medium | 2023-12-21 |
| CVE-2023-32747 | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) — WooCommerce Bookings (CWE-639) | 5.4 | Medium | 2023-12-21 |
| CVE-2023-33318 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Arbitrary File Upload — AutomateWoo (CWE-434) | 9.9 | Critical | 2023-12-20 |
| CVE-2023-32743 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to SQL Injection — AutomateWoo (CWE-89) | 7.6 | High | 2023-12-20 |
| CVE-2023-33330 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.50 is vulnerable to SQL Injection — AutomateWoo (CWE-89) | 8.5 | High | 2023-12-20 |
| CVE-2023-35914 | WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR) — Woo Subscriptions (CWE-639) | 7.5 | High | 2023-12-20 |
| CVE-2023-35876 | WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR) — WooCommerce Square (CWE-639) | 8.1 | High | 2023-12-20 |
| CVE-2023-37871 | WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR) — GoCardless (CWE-639) | 8.2 | High | 2023-12-20 |
| CVE-2023-33331 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to SQL Injection — Product Vendors (CWE-89) | 8.5 | High | 2023-12-18 |
| CVE-2023-47789 | WordPress WooCommerce Canada Post Shipping Plugin <= 2.8.3 is vulnerable to Cross Site Request Forgery (CSRF) — Canada Post Shipping Method (CWE-352) | 4.3 | Medium | 2023-12-18 |
| CVE-2023-47787 | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) — WooCommerce Bookings (CWE-352) | 4.3 | Medium | 2023-12-18 |
| CVE-2023-32744 | WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) — Product Recommendations (CWE-352) | 8.8 | - | 2023-11-09 |
| CVE-2023-32745 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF) — AutomateWoo (CWE-352) | 8.8 | - | 2023-11-09 |
| CVE-2023-32794 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF) — Product Add-Ons (CWE-352) | 8.8 | - | 2023-11-09 |
| CVE-2023-35879 | WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection — Product Vendors (CWE-89) | 9.8 | - | 2023-10-31 |
| CVE-2023-34004 | WordPress WooCommerce Box Office Plugin <= 1.1.50 is vulnerable to Cross Site Scripting (XSS) — WooCommerce Box Office (CWE-79) | 6.5 | Medium | 2023-08-30 |
| CVE-2023-33317 | WordPress WooCommerce Warranty Requests Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) — Returns and Warranty Requests (CWE-79) | 7.1 | High | 2023-08-30 |

This page lists every published CVE security advisory associated with woocommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.