Exposure of WooCommerce

Ecommerce, WordPress plugins
Exposure score: 1,871
Sites using it: 591,334
Exploited: 0
Critical: 159
Vexday analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at present, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to be addressed in any remediation plan.

CVEs

2,057 results
CVE | Severity | Title | EPSS
CVE-2024-12337 | MEDIUM | Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids | EPSS 0.3%
CVE-2024-11276 | MEDIUM | PDF Builder for WooCommerce. Create invoices, packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2023-48773 | MEDIUM | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2024-37544 | MEDIUM | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2023-4937 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | EPSS 0.3%
CVE-2023-4935 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation | EPSS 0.3%
CVE-2024-10711 | HIGH | WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update | EPSS 0.3%
CVE-2025-69385 | MEDIUM | WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability | EPSS 0.3%
CVE-2024-11687 | MEDIUM | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2024-35698 | MEDIUM | WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-3815 | MEDIUM | Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta | EPSS 0.3%
CVE-2026-28114 | CRITICAL | WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability | EPSS 0.3%
CVE-2026-3456 | HIGH | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey' | EPSS 0.3%
CVE-2025-23450 | HIGH | WordPress AW WooCommerce Kode Pembayaran plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-32586 | HIGH | WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-11814 | MEDIUM | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2022-43491 | MEDIUM | WordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.1.5 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.3%
CVE-2024-1857 | MEDIUM | Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates <= 2.6.6 - Missing Authorization to Unauthenticated Information Exposure | EPSS 0.3%
CVE-2026-24583 | MEDIUM | WordPress SumUp Payment Gateway For WooCommerce plugin <= 2.7.9 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2022-47181 | MEDIUM | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
