Exposure of WooCommerce
Ecommerce, WordPress plugins

1,807 exposure score
591,334 sites use
0 exploited
158 critical

CVEs
2,037 results

CVE-2024-1310 | MEDIUM | WooCommerce < 8.6 - Contributor+ Private/Draft Products Access | EPSS 0.7%
CVE-2022-2092 | — | WooCommerce PDF Invoices & Packing Slips < 2.16.0 - Reflected Cross-Site Scripting | EPSS 0.7%
CVE-2024-12721 | HIGH | Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection | EPSS 0.7%
CVE-2023-6327 | MEDIUM | ShopLentor (formerly WooLentor) <= 2.8.7 - Missing Authorization via purchased_new_products | EPSS 0.7%
CVE-2022-44634 | MEDIUM | WordPress S2W – Import Shopify to WooCommerce plugin <= 1.1.12 - Auth. Arbitrary File Read vulnerability | EPSS 0.7%
CVE-2024-4371 | CRITICAL | CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection | EPSS 0.7%
CVE-2022-0775 | MEDIUM | WooCommerce < 6.2.1 - Subscriber+ Arbitrary Comment Deletion | EPSS 0.7%
CVE-2024-1862 | HIGH | WooCommerce Add to Cart Custom Redirect <= 1.2.13 - Authenticated(Contributor+) Missing Authorization to Limited Arbitrary Options Update | EPSS 0.7%
CVE-2026-4664 | MEDIUM | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter | EPSS 0.7%
CVE-2024-3934 | MEDIUM | Mercado Pago payments for WooCommerce 7.3.0 - 7.6.1 - Authenticated (Subscriber+) Arbitrary File Download | EPSS 0.7%
CVE-2023-4603 | MEDIUM | Star CloudPRNT for WooCommerce <= 2.0.3 - Reflected Cross-Site Scripting | EPSS 0.7%
CVE-2025-10046 | MEDIUM | ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - Authenticated (Admin+) SQL Injection | EPSS 0.7%
CVE-2025-47608 | CRITICAL | WordPress Recover abandoned cart for WooCommerce plugin <= 2.5 - SQL Injection Vulnerability | EPSS 0.7%
CVE-2022-2090 | — | Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting | EPSS 0.7%
CVE-2022-1546 | — | WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting | EPSS 0.7%
CVE-2024-0610 | CRITICAL | Piraeus Bank WooCommerce Payment Gateway <= 1.6.5.1 - Unauthenticated SQL Injection | EPSS 0.7%
CVE-2024-1668 | MEDIUM | Avada <= 7.11.5 - Authenticated(Contributor+) Sensitive Information Exposure via Form Entries | EPSS 0.7%
CVE-2024-13487 | HIGH | CURCY – Multi Currency for WooCommerce <= 2.2.5 - Unauthenticated Arbitrary Shortcode Execution via get_products_price Function | EPSS 0.7%
CVE-2022-29425 | MEDIUM | WordPress Checkout Files Upload for WooCommerce plugin <= 2.1.2 - Cross-Site Scripting (XSS) vulnerability | EPSS 0.7%
CVE-2021-4347 | CRITICAL | Advanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options Change | EPSS 0.7%