WooCommerce exposure

Ecommerce, WordPress plugins
Exposure score: 1859
Sites using it: 591,334
In active exploitation (KEV): 0
Critical: 159
Vexday analysis

WooCommerce has 2,037 catalogued CVEs, a large volume that reflects its wide adoption and attack surface; 158 of these are critical severity and 137 appeared in the last 90 days, which indicates a high rate of recent discovery. Note that the catalogue covers the whole WooCommerce extension ecosystem (third-party plugins such as those in the list below), not only the core plugin, so the count is best read as an ecosystem exposure figure. The active exploitation rate is below the overall average for the KEV catalog, with no confirmed KEV entry at the moment, although that does not remove the operational risk given the high volume of accumulated critical flaws. The most frequent weakness type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with many integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of exploitation in the wild within the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2053 results
CVE             Severity  EPSS  Advisory
CVE-2026-3355   MEDIUM    0.3%  Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch'
CVE-2025-12500  MEDIUM    0.3%  Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload
CVE-2024-37203  MEDIUM    0.3%  WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability
CVE-2023-35912  MEDIUM    0.3%  WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2024-37201  MEDIUM    0.3%  WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability
CVE-2024-43134  MEDIUM    0.3%  WordPress Waitlist Woocommerce plugin <= 2.6 - Broken Access Control vulnerability
CVE-2025-67909  HIGH      0.3%  WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability
CVE-2024-12336  MEDIUM    0.3%  WC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.5.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via wf-export-all
CVE-2024-12384  MEDIUM    0.3%  Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'
CVE-2025-68022  HIGH      0.3%  WordPress Plugin BlueX for WooCommerce plugin <= 3.1.6 - Broken Access Control vulnerability
CVE-2024-6836   MEDIUM    0.3%  Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.4.6 - Missing Authorization to Authenticated (Contributor+) Settings Update
CVE-2024-12826  MEDIUM    0.3%  GoHero Store Customizer for WooCommerce <= 3.5 - Missing Authorization to Unauthenticated Settings Update
CVE-2023-32296  HIGH      0.3%  WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-39162  HIGH      0.3%  WordPress User Email Verification for WooCommerce Plugin <= 3.5.0 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-41691  HIGH      0.3%  WordPress WooCommerce PensoPay Plugin <= 6.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2024-4608   MEDIUM    0.3%  SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
CVE-2025-31411  MEDIUM    0.3%  WordPress Linet ERP-Woocommerce Integration plugin <= 3.5.12 - Arbitrary File Read/Deletion vulnerability
CVE-2025-31794  MEDIUM    0.3%  WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability
CVE-2025-24597  MEDIUM    0.3%  WordPress Barcode Generator for WooCommerce plugin <= 2.0.2 - Sensitive Data Exposure vulnerability
CVE-2025-68023  MEDIUM    0.3%  WordPress Addonify – Compare Products For WooCommerce plugin <= 1.1.17 - Settings Change vulnerability
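The analysis above prioritises by KEV membership, then EPSS, then severity, and reads the weakness class (CWE-79 dominant) off the catalogue. The following script, added here as an example and not Vexday's or WooCommerce's own code, applies that triage to a subset of the CVE list above and adds the check a practitioner actually needs next: whether an installed plugin version falls inside the "<= x.y.z" bound stated in each advisory title. Assumptions: titles follow the "<plugin> <= <version> - <issue>" convention seen in the list (this is how the bound is parsed); the KEV set is empty, as the page reports; EPSS values are the page's 0.3% (0.003) and the 0.87 the analysis cites for CVE-2023-28121; that entry's severity is its public NVD rating (critical), not something the page states, and its title is left empty because the excerpt does not give it; installed versions are constructed for the demo.

```python
# Added example (not Vexday's or WooCommerce's code): KEV/EPSS/severity
# triage over advisories from this page, weakness-class histogram from the
# titles, and an installed-version check against the "<= x.y.z" bound.
import re
from collections import Counter
from dataclasses import dataclass

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}
# Assumption: the affected range is stated in the title as "<= x.y.z".
BOUND_RE = re.compile(r"<=\s*(\d+(?:\.\d+)*)")

# Keyword -> weakness class, checked in order; first match wins.
CLASS_PATTERNS = [
    (re.compile(r"cross[- ]site scripting|\bxss\b", re.I), "CWE-79 XSS"),
    (re.compile(r"cross[- ]site request forgery|\bcsrf\b", re.I), "CWE-352 CSRF"),
    (re.compile(r"broken access control|missing authorization|\bidor\b", re.I), "access control"),
    (re.compile(r"file upload", re.I), "file upload"),
]


@dataclass(frozen=True)
class Advisory:
    cve: str
    severity: str
    title: str
    epss: float  # probability of exploitation in the wild in the next 30 days


# Subset of the page's CVE list (EPSS shown there as 0.3%, i.e. 0.003).
ADVISORIES = [
    Advisory("CVE-2026-3355", "MEDIUM", "Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch'", 0.003),
    Advisory("CVE-2025-12500", "MEDIUM", "Checkout Field Manager (Checkout Manager) for WooCommerce <= 7.8.1 - Unauthenticated Limited File Upload", 0.003),
    Advisory("CVE-2024-37203", "MEDIUM", "WordPress Laybuy Payment Extension for WooCommerce plugin <= 5.3.9 - Broken Access Control vulnerability", 0.003),
    Advisory("CVE-2023-35912", "MEDIUM", "WordPress Potent Donations for WooCommerce Plugin <= 1.1.9 is vulnerable to Cross Site Request Forgery (CSRF)", 0.003),
    Advisory("CVE-2025-67909", "HIGH", "WordPress Membership For WooCommerce plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability", 0.003),
    Advisory("CVE-2024-12384", "MEDIUM", "Binary MLM Woocommerce <= 2.0 - Reflected Cross-Site Scripting via 'page'", 0.003),
    Advisory("CVE-2023-32296", "HIGH", "WordPress Kangu para WooCommerce Plugin <= 2.2.9 is vulnerable to Cross Site Scripting (XSS)", 0.003),
    Advisory("CVE-2024-4608", "MEDIUM", "SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter", 0.003),
    # Singled out by the analysis; the page gives only its EPSS (0.87).
    # Severity is its public NVD rating (critical), not stated on the page;
    # the title is left empty because the excerpt does not include it.
    Advisory("CVE-2023-28121", "CRITICAL", "", 0.87),
]


def parse_version(s: str) -> tuple:
    """'5.101.0' -> (5, 101, 0). Numeric dotted versions only; tuple
    comparison orders 5.9.0 below 5.101.0, which string comparison gets wrong."""
    return tuple(int(p) for p in s.strip().split("."))


def vulnerable_through(title: str):
    """Highest affected version stated in the title, or None if absent."""
    m = BOUND_RE.search(title)
    return parse_version(m.group(1)) if m else None


def is_affected(adv: Advisory, installed: str):
    """True/False when the title states a bound; None when it does not
    (unknown range: keep the item queued for manual review, do not drop it)."""
    bound = vulnerable_through(adv.title)
    if bound is None:
        return None
    return parse_version(installed) <= bound


def classify(adv: Advisory) -> str:
    for pattern, label in CLASS_PATTERNS:
        if pattern.search(adv.title):
            return label
    return "other"


def weakness_histogram(advisories):
    """Counts per weakness class, the way the analysis reports CWE-79 as dominant."""
    return Counter(classify(a) for a in advisories)


def prioritize(advisories, kev):
    """KEV entries first, then EPSS descending, then severity; stable for ties."""
    return sorted(
        advisories,
        key=lambda a: (a.cve in kev, a.epss, SEVERITY_RANK.get(a.severity, 0)),
        reverse=True,
    )


if __name__ == "__main__":
    # Constructed inventory: installed plugin version, keyed by the CVE it relates to.
    installed = {"CVE-2026-3355": "5.99.2", "CVE-2024-12384": "2.1"}
    for adv in prioritize(ADVISORIES, kev=set()):  # page reports no KEV entry
        hit = is_affected(adv, installed[adv.cve]) if adv.cve in installed else "n/a"
        print(f"{adv.cve:15} {adv.severity:8} EPSS={adv.epss:<5} {classify(adv):15} affected={hit}")
    print(weakness_histogram(ADVISORIES))
```

Two design points worth keeping when adapting this: version bounds must be compared as integer tuples (5.99.2 is affected by "<= 5.101.0", which a string comparison would deny), and an advisory whose range cannot be parsed returns None rather than False, so it stays in the queue instead of silently passing as fixed.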

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →