Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

woocommerce — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting woocommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by woocommerce:AutomateWooWooCommerce Stripe Payment GatewayProduct VendorsShipping Multiple AddresseswoocommerceWooCommerce SquareWooCommerce BookingsProduct Add-OnsWooCommerce Box OfficeWooCommerce Pre-OrdersWooCommerce Follow-Up Emails (AutomateWoo)WooCommerce Brandswoocommerce-gutenberg-products-blockWooPayments: Integrated WooCommerce PaymentsGoogle for WooCommerceWooCommerce Smart CouponsWooCommerce One Page CheckoutWooCommerce Shipping Per ProductCanada Post Shipping MethodGoCardlessWoo SubscriptionsWooCommerce Product VendorsProduct RecommendationsBulk Stock ManagementWooCommerce PayPal PaymentsComposite ProductsWooCommerce Order BarcodesReturns and Warranty Requests
CVE IDTitleCVSSSeverityPublished
CVE-2023-32746 WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS) — WooCommerce BrandsCWE-79 6.5 Medium2023-08-30
CVE-2023-32793 WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) — WooCommerce Pre-OrdersCWE-79 6.5 Medium2023-08-30
CVE-2023-32802 WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) — WooCommerce Pre-OrdersCWE-79 7.1 High2023-08-30
CVE-2023-32801 WordPress WooCommerce Composite Products Plugin <= 8.7.5 is vulnerable to Cross Site Scripting (XSS) — Composite ProductsCWE-79 7.1 High2023-08-30
CVE-2023-37873 WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS) — Shipping Multiple AddressesCWE-79 7.1 High2023-08-05
CVE-2023-36514 WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) — Shipping Multiple AddressesCWE-352 6.5 Medium2023-07-17
CVE-2023-36513 WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) — AutomateWooCWE-352 5.4 Medium2023-07-17
CVE-2023-36511 WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) — WooCommerce Order BarcodesCWE-352 4.3 Medium2023-07-17
CVE-2023-35880 WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) — WooCommerce BrandsCWE-352 5.4 Medium2023-07-17
CVE-2023-35917 WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) — WooCommerce PayPal PaymentsCWE-352 4.3 Medium2023-06-22
CVE-2023-35918 WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) — Bulk Stock ManagementCWE-79 7.1 High2023-06-22
CVE-2023-34000 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) — WooCommerce Stripe Payment GatewayCWE-639 7.5 High2023-06-14
CVE-2023-33332 WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS) — WooCommerce Product VendorsCWE-79 7.1 High2023-05-28
CVE-2023-33319 WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS) — WooCommerce Follow-Up Emails (AutomateWoo)CWE-79 7.1 High2023-05-28
CVE-2023-33316 WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) — WooCommerce Follow-Up Emails (AutomateWoo)CWE-352 5.4 Medium2023-05-28
CVE-2021-32790 Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint — woocommerceCWE-89 4.9 Medium2021-07-26
CVE-2021-32789 Arbitrary SQL (SQL injection) possible via the Store API component. — woocommerce-gutenberg-products-blockCWE-89 7.5 High2021-07-26

This page lists every published CVE security advisory associated with woocommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.