Exposure of WooCommerce

Ecommerce, WordPress plugins
Exposure score: 1,871
Sites using it: 591,334
Exploited: 0
Critical: 159
Vexday analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; 158 of these are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at present, although this does not eliminate operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation within the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,057 results
CVE-2024-7846 [MEDIUM, EPSS 0.3%] YITH WooCommerce Ajax Search < 2.7.1 - Contributor+ Stored XSS
CVE-2026-56060 [HIGH, EPSS 0.3%] WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 7.1.1 - Sensitive Data Exposure vulnerability
CVE-2025-48331 [HIGH, EPSS 0.3%] WordPress WooCommerce Orders & Customers Exporter <= 5.0 - Sensitive Data Exposure Vulnerability
CVE-2026-34891 [HIGH, EPSS 0.3%] WordPress IDPay Payment Gateway for Woocommerce plugin <= 2.2.5 - Sensitive Data Exposure vulnerability
CVE-2025-22337 [HIGH, EPSS 0.3%] WordPress Order Audit Log for WooCommerce plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-22307 [HIGH, EPSS 0.3%] WordPress Product Table for WooCommerce plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2023-50834 [MEDIUM, EPSS 0.3%] WordPress WooCommerce Menu Extension Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-7320 [MEDIUM, EPSS 0.3%] WooCommerce <= 7.8.2 - Sensitive Information Exposure
CVE-2024-11727 [MEDIUM, EPSS 0.3%] NotificationX – Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar <= 2.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting
CVE-2024-50448 [HIGH, EPSS 0.3%] WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2025-48122 [CRITICAL, EPSS 0.3%] WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - SQL Injection Vulnerability
CVE-2024-11934 [MEDIUM, EPSS 0.3%] Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
CVE-2023-52179 [MEDIUM, EPSS 0.3%] WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability
CVE-2025-13974 [MEDIUM, EPSS 0.3%] Email Customizer for WooCommerce | Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content
CVE-2025-13110 [MEDIUM, EPSS 0.3%] HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr'
CVE-2024-13868 [MEDIUM, EPSS 0.3%] Easy Broken Link Checker <= 9.0.2 - Reflected XSS
CVE-2025-67564 [MEDIUM, EPSS 0.3%] WordPress Pixel Manager for WooCommerce plugin <= 1.51.1 - Sensitive Data Exposure vulnerability
CVE-2025-14843 [MEDIUM, EPSS 0.3%] Wizit Gateway for WooCommerce <= 1.2.9 - Missing Authentication to Unauthenticated Arbitrary Order Cancellation
CVE-2022-38470 [MEDIUM, EPSS 0.3%] WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
CVE-2025-14971 [MEDIUM, EPSS 0.3%] Link Invoice Payment for WooCommerce <= 2.8.0 - Missing Authorization to Unauthenticated Arbitrary Partial Payment Creation/Cancellation
