Exposición de WooCommerce
Ecommerce, WordPress plugins1776
score de exposición
591.334
sitios usan
0
en explotación
157
críticos
CVEs
2028 resultadosCVE-2022-3490HIGHCheckout Field Editor for WooCommerce < 1.8.0 - Admin+ PHP Object InjectionEPSS 1.1%CVE-2021-42363MEDIUMPreview E-Mails for WooCommerce <= 1.6.8 Reflected Cross-Site ScriptingEPSS 1.1%CVE-2025-5058CRITICALeMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_image()EPSS 1.1%CVE-2023-0080HIGHCustomer Reviews for WooCommerce < 5.16.0 - Contributor+ LFIEPSS 1.1%CVE-2025-4336HIGHeMagicOne Store Manager for WooCommerce <= 1.2.5 - Unauthenticated Arbitrary File Upload via set_file()EPSS 1.1%CVE-2024-54383CRITICALWordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerabilityEPSS 1.1%CVE-2024-34370HIGHWordPress EAN for WooCommerce plugin <= 4.8.9 - Arbitrary Option Update to Privilege Escalation vulnerabilityEPSS 1.1%CVE-2023-2276CRITICALWCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password ChangeEPSS 1.1%CVE-2020-36696HIGHProduct Input Fields for WooCommerce <= 1.2.6 - Missing AuthorizationEPSS 1.1%CVE-2022-4940HIGHWCFM Membership <= 2.10.0 - Missing AuthorizationEPSS 1.1%CVE-2024-8030CRITICALUltimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object InjectionEPSS 1.1%CVE-2022-3603CRITICALExport customers list CSV for WooCommerce < 2.0.69 - CSV InjectionEPSS 1.1%CVE-2019-5979—Cross-site request forgery (CSRF) vulnerability in Personalized WooCommerce Cart Page 2.4 and earlier allows remote attackers to hijack the EPSS 1.0%CVE-2024-50482CRITICALWordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Upload vulnerabilityEPSS 1.0%CVE-2024-3734MEDIUMFOX – Currency Switcher Professional for WooCommerce <= 1.4.1.8 - Unauthenticated Arbitrary Shortcode ExecutionEPSS 1.0%CVE-2024-50508HIGHWordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Download vulnerabilityEPSS 1.0%CVE-2024-12152HIGHMIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File DownloadEPSS 1.0%CVE-2024-4455HIGHYITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site ScriptingEPSS 1.0%CVE-2024-7257CRITICALYayExtra – WooCommerce Extra Product Options <= 1.3.7 - Unauthenticated Arbitrary File Upload via handle_upload_file FunctionEPSS 1.0%CVE-2022-40700HIGHServer Side Request Forgery (SSRF) vulnerability affecting multiple WordPress pluginsEPSS 1.0%
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →