Exposición de WooCommerce

Ecommerce, WordPress plugins

1871

score de exposición

591.334

sitios usan

0

en explotación

159

críticos

Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2057 resultados

CVE-2025-32119HIGHWordPress CardGate Payments for WooCommerce plugin <= 3.2.1 - SQL Injection vulnerabilityEPSS 0.3%CVE-2025-1287MEDIUMThe Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple WidgetsEPSS 0.3%CVE-2024-12334MEDIUMWC Affiliate – A Complete WooCommerce Affiliate Plugin <= 2.4 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2023-32500MEDIUMWordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2026-24562MEDIUMWordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-10614MEDIUMCustomer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import CancellationEPSS 0.3%CVE-2024-56265HIGHWordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-11891MEDIUMShelf Planner <= 2.8.1 - Unauthenticated Information Exposure via Log FilesEPSS 0.3%CVE-2025-12777MEDIUMYITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item DeletionEPSS 0.3%CVE-2026-11987MEDIUMDokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' ParameterEPSS 0.3%CVE-2023-49759MEDIUMWordPress WooDiscuz – WooCommerce Comments Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-48778MEDIUMWordPress Product Size Chart For WooCommerce Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2023-49761MEDIUMWordPress Product Enquiry for WooCommerce Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-58656MEDIUMWordPress Estonian Shipping Methods for WooCommerce Plugin <= 1.7.2 - Sensitive Data Exposure VulnerabilityEPSS 0.3%CVE-2024-2384MEDIUMWooCommerce POS <= 1.4.11 - Insufficient Verification of Data Authenticity to Authenticated (Customer+) Information DisclosureEPSS 0.3%CVE-2025-12115HIGHWPC Name Your Price for WooCommerce <= 2.1.9 - Unauthenticated Price AlterationEPSS 0.3%CVE-2022-4888MEDIUMMultiple Plugins from Addify - Multiple CSRFEPSS 0.3%CVE-2025-13369MEDIUMPremmerce WooCommerce Customers Manager <= 1.1.14 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2025-14348MEDIUMweMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information DisclosureEPSS 0.3%CVE-2025-31406MEDIUMWordPress ELEX WooCommerce Request a Quote plugin <= 2.3.9 - Broken Access Control vulnerabilityEPSS 0.3%

← anteriorpágina 70 / 103siguiente →

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →