Exposición de WooCommerce

Ecommerce, WordPress plugins

1859

score de exposición

591.334

sitios usan

0

en explotación

159

críticos

Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2053 resultados

CVE-2024-10049MEDIUMEdit WooCommerce Templates <= 1.1.2 - Reflected Cross-Site Scripting via pageEPSS 0.3%CVE-2026-1748MEDIUMInvoct – PDF Invoices & Billing for WooCommerce <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Information ExposureEPSS 0.3%CVE-2025-30959MEDIUMWordPress Product XML Feed Manager for WooCommerce <= 2.9.2 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-9612MEDIUMWhatsOrder <= 1.0.1 - Unauthenticated Sensitive Information Exposure via Predictable Invoice File URLsEPSS 0.3%CVE-2022-4426MEDIUMMautic Integration For WooCommerce < 1.0.3 - Arbitrary Options Update via CSRFEPSS 0.3%CVE-2022-2382—Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options DeletionEPSS 0.3%CVE-2022-2389—Automations By Autonami < 2.1.2 - Subscriber+ Automation CreationEPSS 0.3%CVE-2025-53213CRITICALWordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload VulnerabilityEPSS 0.3%CVE-2025-15400MEDIUMOpenPix <= 2.13.3 - Subscriber+ Payment Gateway Settings ResetEPSS 0.3%CVE-2024-24886MEDIUMWordPress Product Labels For Woocommerce Plugin <= 1.5.3 is vulnerable to Cross Site Scripting (XSS)EPSS 0.3%CVE-2026-1938MEDIUMYayMail <= 4.3.2 - Missing Authorization to Authenticated (Shop Manager+) License Key Deletion via '/yaymail-license/v1/license/delete' EndpointEPSS 0.3%CVE-2026-1926MEDIUMSubscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription CancellationEPSS 0.3%CVE-2025-68018CRITICALWordPress Order Listener for WooCommerce plugin <= 3.6.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-0656HIGHiPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information DisclosureEPSS 0.3%CVE-2025-11741MEDIUMWPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product ExposureEPSS 0.3%CVE-2025-47463HIGHWordPress Stock Locations for WooCommerce plugin <= 2.8.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-49071MEDIUMWordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerabilityEPSS 0.3%CVE-2023-48284MEDIUMWordPress Decorator – WooCommerce Email Customizer Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2026-2579HIGHWowStore – Store Builder & Product Blocks for WooCommerce <= 4.4.3 - Unauthenticated SQL Injection via 'search' ParameterEPSS 0.3%CVE-2025-22724MEDIUMWordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%

← anteriorpágina 61 / 103siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →