WooCommerce exposure

Ecommerce, WordPress plugins
Exposure score: 1859
Sites using it: 591,334
Under exploitation (KEV): 0
Critical: 159
Vexday analysis

WooCommerce has 2,037 catalogued CVEs, a volume that reflects its broad adoption and attack surface; 158 of these are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The rate of active exploitation is below the catalogue-wide KEV average, with no confirmed KEV entry at present, although absence from KEV only means no confirmed in-the-wild exploitation has been recorded and does not remove operational risk given the backlog of critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with many integrated plugins and themes, since a stored XSS reachable by a low-privileged account is a common path to an administrator session. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 is a very high probability of exploitation activity in the next 30 days, which makes it the main risk vector to address in any remediation plan. Two practical caveats apply when reading these figures. First, the count is ecosystem-wide: the listing below is dominated by third-party add-ons that carry "WooCommerce" in their name rather than WooCommerce core, so a given install's real exposure depends on which add-ons are present and at which version. Second, EPSS is a probability of exploitation, not a severity measure; the severity label and the version constraint in each title decide whether an entry applies to you at all, and EPSS then decides the order in which the applicable entries are patched.

CVEs

2053 results
CVE | Severity | Affected component and flaw | EPSS
CVE-2024-9178 | MEDIUM | XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-10563 | MEDIUM | WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS | EPSS 0.3%
CVE-2024-30537 | MEDIUM | WordPress WPC Badge Management for WooCommerce plugin <= 2.4.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-35724 | MEDIUM | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-31267 | MEDIUM | WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-35727 | MEDIUM | WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-47645 | HIGH | WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability | EPSS 0.3%
CVE-2024-4485 | MEDIUM | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-9217 | MEDIUM | Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2024-0768 | MEDIUM | Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_theme_activation | EPSS 0.3%
CVE-2023-3547 | HIGH | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF | EPSS 0.3%
CVE-2025-22713 | HIGH | WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability | EPSS 0.3%
CVE-2021-4444 | HIGH | Product Filter by WooBeWoo <= 1.4.9 - Missing Authorization | EPSS 0.3%
CVE-2026-3231 | HIGH | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field | EPSS 0.3%
CVE-2025-23966 | HIGH | WordPress a Gateway for Pasargad Bank on WooCommerce Plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2023-49855 | MEDIUM | WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2024-5259 | MEDIUM | MultiVendorX Marketplace – WooCommerce MultiVendor Marketplace Solution <= 4.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via hover_animation Parameter | EPSS 0.3%
CVE-2022-4941 | MEDIUM | WCFM Membership <= 2.9.10 - Cross-Site Request Forgery | EPSS 0.3%
CVE-2025-12468 | MEDIUM | FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce <= 3.6.4.1 - Unauthenticated Sensitive Information Exposure | EPSS 0.3%
CVE-2023-4948 | MEDIUM | WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update | EPSS 0.3%
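The analysis above recommends ordering remediation by severity and EPSS, and the listing shows how each entry names its affected add-on and version range in the title. The script below is an added example, not code from Vexday or TrueHacking: it parses a subset of the rows copied from the listing (titles, severities and EPSS values as shown on this page), checks them against a constructed, hypothetical plugin inventory, and returns only the advisories that actually apply to the installed versions, worst severity first and highest EPSS within a severity. The function and variable names are my own.

```python
"""Triage the add-on advisories from the listing above against a plugin inventory.

Added example: ROWS are copied from the catalogue on this page, INVENTORY is a
constructed, hypothetical site, and the helper names are mine (not Vexday/TrueHacking code).
"""
import re
from dataclasses import dataclass

# Advisory titles carry the version constraint as "<= 2.8.2" or "< 1.1.0", followed by
# " - " (or, in one row, " is vulnerable to ") and the flaw description.
_TITLE = re.compile(
    r"^(?P<name>.+?)\s*(?P<op><=|<)\s*(?P<ver>\d+(?:\.\d+)*)"
    r"\s*(?:-|is vulnerable to)\s*(?P<flaw>.+)$"
)
_SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# (CVE, severity, title, EPSS as a fraction) taken from the listing above.
ROWS = [
    ("CVE-2024-9178", "MEDIUM", "XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload", 0.003),
    ("CVE-2024-10563", "MEDIUM", "WooCommerce Cart Count Shortcode < 1.1.0 - Contributor+ XSS", 0.003),
    ("CVE-2024-31267", "MEDIUM", "WordPress Flexible Checkout Fields for WooCommerce plugin <= 4.1.2 - Broken Access Control vulnerability", 0.003),
    ("CVE-2025-47645", "HIGH", "WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Subscriber+ SQL Injection vulnerability", 0.003),
    ("CVE-2024-9217", "MEDIUM", "Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting", 0.003),
    ("CVE-2025-22713", "HIGH", "WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - SQL Injection vulnerability", 0.003),
    ("CVE-2023-49855", "MEDIUM", "WordPress BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter Plugin <= 1.49.3 is vulnerable to Cross Site Request Forgery (CSRF)", 0.003),
    ("CVE-2023-4948", "MEDIUM", "WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update", 0.003),
]

# Hypothetical site inventory (constructed): plugin name -> installed version.
INVENTORY = {
    "XT Floating Cart for WooCommerce": "2.8.2",        # equal to the bound: "<=" matches
    "WooCommerce Cart Count Shortcode": "1.1.0",        # equal to the bound: "<" does not
    "Flexible Checkout Fields for WooCommerce": "4.2",  # already past 4.1.2
    "Currency Switcher for WooCommerce": "2.16.1",
    "WooCommerce Orders & Customers Exporter": "5.3",
    "BC Menu Bar Cart Icon For WooCommerce By Binary Carpenter": "1.49.3",
}


@dataclass(frozen=True)
class Advisory:
    cve: str
    severity: str
    plugin: str          # normalised plugin name taken from the title
    op: str              # "<=" or "<"
    bound: tuple         # version the constraint refers to, as a tuple of ints
    flaw: str
    epss: float


def _vtuple(s: str) -> tuple:
    return tuple(int(p) for p in s.split("."))


def _norm(name: str) -> str:
    """Lower-case and drop the 'WordPress ... plugin' wrapping some titles use."""
    n = re.sub(r"^wordpress\s+", "", name.strip().lower())
    return re.sub(r"\s+plugin$", "", n)


def parse_advisory(cve: str, severity: str, title: str, epss: float) -> Advisory:
    m = _TITLE.match(title)
    if m is None:
        raise ValueError(f"{cve}: unrecognised title format: {title!r}")
    return Advisory(cve, severity.upper(), _norm(m["name"]), m["op"],
                    _vtuple(m["ver"]), m["flaw"].strip(), epss)


def version_matches(installed: str, op: str, bound: tuple) -> bool:
    """True when the installed version satisfies the advisory's constraint."""
    a, b = _vtuple(installed), bound
    width = max(len(a), len(b))              # compare 4.2 as 4.2.0 against 4.1.2
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return a <= b if op == "<=" else a < b


def triage(rows, inventory):
    """Return (advisory, plugin, version) hits, worst severity first, then highest EPSS."""
    by_name = {_norm(name): (name, ver) for name, ver in inventory.items()}
    hits = []
    for adv in (parse_advisory(*r) for r in rows):
        if adv.plugin in by_name:
            name, ver = by_name[adv.plugin]
            if version_matches(ver, adv.op, adv.bound):
                hits.append((adv, name, ver))
    # Python's sort is stable, so rows with equal severity and EPSS keep catalogue order.
    hits.sort(key=lambda h: (_SEVERITY_RANK[h[0].severity], h[0].epss), reverse=True)
    return hits


if __name__ == "__main__":
    for adv, name, ver in triage(ROWS, INVENTORY):
        print(f"{adv.cve:<15} {adv.severity:<7} EPSS {adv.epss:.1%}  {name} {ver}: {adv.flaw}")
```

With the constructed inventory, four of the eight rows apply and the HIGH SQL injection in the exporter plugin sorts to the top; the two plugins sitting exactly on a "< x" bound or already above an "<= x" bound are correctly dropped. Because every row on this page shares an EPSS of 0.3%, the EPSS tie-break does not reorder anything here; an entry such as CVE-2023-28121, with EPSS 0.87 per the analysis above, would jump ahead of everything else at its severity. The name matching is an exact match after light normalisation, which is enough for these titles; a real inventory should be keyed by plugin slug, since titles in the catalogue are not guaranteed to use the same display name as the plugin header.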

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →