WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1859
Sites using it: 591,334
In exploitation: 0
Critical: 159
Vexday Analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entries at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent weakness type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2053 results
CVE-2023-51497 | MEDIUM | WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-12883 | MEDIUM | Campay Woocommerce Payment Gateway <= 1.2.2 - Unauthenticated Payment Bypass | EPSS 0.3%
CVE-2024-31359 | MEDIUM | WordPress Premmerce Product Filter for WooCommerce plugin <= 3.7.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-5868 | MEDIUM | WooCommerce - Social Login <= 2.6.2 - Email Verification due to Insufficient Randomness | EPSS 0.3%
CVE-2024-6480 | MEDIUM | SIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) Cross-Site Scripting | EPSS 0.3%
CVE-2024-37502 | MEDIUM | WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability | EPSS 0.3%
CVE-2023-52186 | MEDIUM | WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-35748 | MEDIUM | WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability | EPSS 0.3%
CVE-2023-51496 | MEDIUM | WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2022-40128 | MEDIUM | WordPress Advanced Order Export For WooCommerce plugin <= 3.3.2 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.3%
CVE-2024-27969 | MEDIUM | WordPress Free Downloads WooCommerce plugin <= 3.5.8.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-10731 | MEDIUM | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export | EPSS 0.3%
CVE-2024-6575 | MEDIUM | The Plus Addons for Elementor <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TP Page Scroll Widget | EPSS 0.3%
CVE-2023-51485 | MEDIUM | WordPress Pay with Vipps for WooCommerce Plugin <= 1.14.13 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-51669 | MEDIUM | WordPress Product Code for WooCommerce Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-51480 | MEDIUM | WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-30492 | MEDIUM | WordPress Minimum Purchase for WooCommerce Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-46783 | MEDIUM | WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2025-32929 | HIGH | WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability | EPSS 0.3%
CVE-2026-49072 | MEDIUM | WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability | EPSS 0.3%
