Exposure of WooCommerce

Ecommerce, WordPress plugins
Exposure score: 1,871
Sites using it: 591,334
Exploited: 0
Critical: 159
Vexday analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; 158 of them are of critical severity and 137 appeared in the last 90 days, indicating a high pace of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entries at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,057 results
CVE-2026-56061 | HIGH | WordPress Subscriptions for WooCommerce plugin <= 1.9.5 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2026-34898 | HIGH | WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.3 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-11727 | HIGH | Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.2%
CVE-2025-24632 | HIGH | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.9.0 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-24551 | HIGH | WordPress Radio Buttons and Swatches for WooCommerce plugin <= 1.1.20 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2023-40327 | MEDIUM | WordPress Putler Connector for WooCommerce plugin <= 2.12.0 - Unauthenticated Broken Access Control vulnerability | EPSS 0.2%
CVE-2023-34015 | MEDIUM | WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.2%
CVE-2024-0796 | MEDIUM | Active Products Tables for WooCommerce. Professional products tables for WooCommerce store <= 1.0.6.1 - Cross-Site Request Forgery | EPSS 0.2%
CVE-2024-53740 | HIGH | WordPress WooCommerce Ultimate Gift Card plugin < 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2024-53742 | HIGH | WordPress Multilevel Referral Affiliate plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-68024 | MEDIUM | WordPress Addonify – WooCommerce Wishlist plugin <= 2.0.15 - Settings Change vulnerability | EPSS 0.2%
CVE-2025-68025 | MEDIUM | WordPress Addonify Floating Cart For WooCommerce plugin <= 1.2.17 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2025-26888 | MEDIUM | WordPress WooCommerce Multilingual & Multicurrency plugin <= 5.3.8 - Broken Access Control vulnerability | EPSS 0.2%
CVE-2023-3764 | MEDIUM | WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery via Save | EPSS 0.2%
CVE-2026-1925 | MEDIUM | EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification | EPSS 0.2%
CVE-2024-43292 | MEDIUM | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <= 1.4.16 - Cross Site Scripting (XSS) vulnerability | EPSS 0.2%
CVE-2025-13441 | MEDIUM | Hide Category by User Role for WooCommerce <= 2.3.1 - Missing Authorization to Unauthenticated Cache Flushing | EPSS 0.2%
CVE-2025-11894 | MEDIUM | Shelf Planner <= 2.8.1 - Missing Authorization to Unauthenticated Settings Update | EPSS 0.2%
CVE-2024-34751 | MEDIUM | WordPress Order Export & Order Import for WooCommerce plugin <= 2.4.9 - PHP Object Injection vulnerability | EPSS 0.2%
CVE-2025-58686 | HIGH | WordPress Perfect Brands for WooCommerce plugin <= 3.6.2 - SQL Injection vulnerability | EPSS 0.2%
