Exposición de WooCommerce

Ecommerce, WordPress plugins

1807

score de exposición

591.334

sitios usan

0

en explotación

158

críticos

Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2037 resultados

CVE-2024-12438MEDIUMWooCommerce Digital Content Delivery (incl. DRM) – FlickRocket <= 4.75 - Reflected Cross-Site ScriptingEPSS 0.4%CVE-2024-43259MEDIUMWordPress Order Export for WooCommerce plugin <= 3.23 - Sensitive Data Exposure vulnerabilityEPSS 0.4%CVE-2024-3609MEDIUMReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing AuthorizationEPSS 0.4%CVE-2025-31580HIGHWordPress Ni WooCommerce Product Enquiry plugin <= 4.1.8 - Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-31758MEDIUMWordPress Free Woocommerce Product Table View plugin <= 1.78 - Arbitrary Content Deletion vulnerabilityEPSS 0.4%CVE-2024-13750MEDIUMMultilevel Referral Affiliate Plugin for WooCommerce <= 2.28 - Authenticated (Subscriber+) SQL InjectionEPSS 0.4%CVE-2023-34170MEDIUMWordPress Quick/Bulk Order Form for WooCommerce Plugin <= 3.5.7 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-33216MEDIUMWordPress WooDiscuz – WooCommerce Comments Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-29423MEDIUMWordPress Cancel order request WooCommerce Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-29170MEDIUMWordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-29094MEDIUMWordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-28991MEDIUMWordPress Order date time for WooCommerce Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-28988MEDIUMWordPress Direct checkout, Add to cart redirect for Woocommerce Plugin <= 2.1.48 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2023-28422MEDIUMWordPress Event Manager for WooCommerce Plugin <= 3.8.6 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2026-11360MEDIUMAdvanced Order Export For WooCommerce <= 4.0.10 - Authenticated (Shop Manager+) SQL Injection via 'sort_direction' ParameterEPSS 0.4%CVE-2022-2555—Yotpo Reviews for WooCommerce <= 2.0.4 - Arbitrary Settings Update via CSRFEPSS 0.4%CVE-2024-4983MEDIUMThe Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0- Authenticated (Contributor+) Stored Cross-Site ScriptingEPSS 0.4%CVE-2024-9214MEDIUMExtra Product Options Builder for WooCommerce <= 1.2.133 - Unauthenticated Stored Cross-Site ScriptingEPSS 0.4%CVE-2024-10837MEDIUMSysBasics Customize My Account for WooCommerce <= 2.7.29 - Reflected Cross-Site Scripting via tab ParameterEPSS 0.4%CVE-2024-8913MEDIUMThe Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_templateEPSS 0.4%

← anteriorpágina 45 / 102siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →