Exposure of WooCommerce

Ecommerce, WordPress plugins
1,807 exposure score
591,334 sites use
0 exploited
158 critical

CVEs

2,037 results
CVE-2022-4109 | LOW | Wholesale Market for WooCommerce < 2.0.0 - Admin+ Arbitrary Log Download | EPSS 0.7%
CVE-2022-41623 | HIGH | WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability | EPSS 0.7%
CVE-2022-40194 | MEDIUM | WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability | EPSS 0.7%
CVE-2025-12493 | CRITICAL | ShopLentor <= 3.2.5 - Unauthenticated Local PHP File Inclusion via 'load_template' | EPSS 0.7%
CVE-2022-46802 | MEDIUM | WordPress Product Reviews Import Export for WooCommerce Plugin <= 1.4.8 is vulnerable to CSV Injection | EPSS 0.7%
CVE-2022-30998 | CRITICAL | WordPress Homepage Product Organizer for WooCommerce plugin <= 1.1 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities | EPSS 0.7%
CVE-2024-32680 | HIGH | WordPress HUSKY plugin <= 1.3.5.2 - Remote Code Execution (RCE) vulnerability | EPSS 0.7%
CVE-2024-5871 | CRITICAL | WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection | EPSS 0.7%
CVE-2023-48742 | HIGH | WordPress License Manager for WooCommerce Plugin <= 2.2.10 is vulnerable to SQL Injection | EPSS 0.7%
CVE-2020-36715 | HIGH | Login/Signup Popup < 1.5 - Missing Authorization | EPSS 0.7%
CVE-2023-47777 | MEDIUM | WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability | EPSS 0.7%
CVE-2023-2843 | HIGH | MultiParcels Shipping For WooCommerce < 1.14.15 - Subscribers+ SQLi | EPSS 0.7%
CVE-2022-25649 | MEDIUM | WordPress Affiliate For WooCommerce premium plugin <= 4.7.0 - Multiple Improper Access Control vulnerabilities | EPSS 0.7%
CVE-2023-3126 | MEDIUM | B2BKing <= 4.6.00 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure | EPSS 0.7%
CVE-2024-31266 | CRITICAL | WordPress Advanced Order Export For WooCommerce plugin <= 3.4.4 - Remote Code Execution (RCE) vulnerability | EPSS 0.7%
CVE-2023-49777 | CRITICAL | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection | EPSS 0.7%
CVE-2024-2311 | MEDIUM | Avada <= 7.11.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | EPSS 0.7%
CVE-2024-13342 | HIGH | Booster for WooCommerce <= 7.2.4 - Unauthenticated Double Extension Arbitrary File Upload | EPSS 0.7%
CVE-2024-3067 | HIGH | WooCommerce Google Feed Manager <= 2.4.2 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting | EPSS 0.7%
CVE-2024-32781 | HIGH | WordPress Email Customizer for WooCommerce plugin <= 2.6.0 - Sensitive Data Exposure vulnerability | EPSS 0.7%
