WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1865
Sites using it: 591,334
Under exploitation: 0
Critical: 159
Vexday Analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; 158 of these are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The rate of active exploitation is below the overall average of the KEV catalog, with no confirmed entry at present, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation within the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2057 results
CVE ID | Severity | Title | EPSS
CVE-2026-8599 | MEDIUM | MailerPress <= 2.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via Campaign HTML Content Field | 0.2%
CVE-2025-14626 | MEDIUM | QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes | 0.2%
CVE-2025-1527 | MEDIUM | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module | 0.2%
CVE-2023-47186 | MEDIUM | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF) | 0.2%
CVE-2025-49888 | HIGH | WordPress PW WooCommerce On Sale! plugin <= 1.39 - Broken Access Control Vulnerability | 0.2%
CVE-2022-46797 | MEDIUM | WordPress Conversios.io Plugin <= 5.2.3 is vulnerable to Cross Site Request Forgery (CSRF) | 0.2%
CVE-2026-52711 | HIGH | WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability | 0.2%
CVE-2025-13666 | MEDIUM | Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification | 0.2%
CVE-2025-14173 | MEDIUM | Perfit WooCommerce <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion | 0.2%
CVE-2023-52217 | MEDIUM | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability | 0.2%
CVE-2025-5816 | MEDIUM | Plugin Pengiriman WooCommerce Kurir Reguler, Instan, Kargo – Biteship <= 3.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) View Order Tracking Details | 0.2%
CVE-2025-1284 | MEDIUM | Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure | 0.2%
CVE-2025-23789 | HIGH | WordPress URL Shortener WooCommerce Plugin <= 9.0.2 - Reflected Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-22644 | MEDIUM | WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability | 0.2%
CVE-2025-10191 | MEDIUM | Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | 0.2%
CVE-2025-5285 | MEDIUM | Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter | 0.2%
CVE-2022-41805 | MEDIUM | WordPress Booster for WooCommerce plugin <= 5.6.6 - Cross-Site Request Forgery (CSRF) vulnerability | 0.2%
CVE-2026-49059 | MEDIUM | WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability | 0.2%
CVE-2023-3366 | MEDIUM | MultiParcels Shipping For WooCommerce < 1.15.2 - Arbitrary Shipment Deletion via CSRF | 0.2%
CVE-2024-13424 | MEDIUM | Ni Sales Commission For WooCommerce <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Commission Update | 0.2%

Want to know whether your infrastructure is exposed to this?

Talk to TrueHacking →