WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1,882
Sites using it: 591,334
Under active exploitation: 0
Critical: 160
Vexday Analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high pace of recent discovery. The active-exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at present, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,060 results
CVE-2025-58799 | MEDIUM | WordPress Custom WooCommerce Checkout Fields Editor Plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-12588 | MEDIUM | USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update | EPSS 0.1%
CVE-2025-58802 | MEDIUM | WordPress TrustMate.io – WooCommerce integration plugin <= 1.16.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-69334 | MEDIUM | WordPress Wishlist for WooCommerce plugin <= 3.3.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.1%
CVE-2025-62096 | MEDIUM | WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability | EPSS 0.1%
CVE-2026-32450 | MEDIUM | WordPress Active Products Tables for WooCommerce plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability | EPSS 0.1%
CVE-2025-48264 | MEDIUM | WordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerability | EPSS 0.1%
CVE-2025-48265 | MEDIUM | WordPress Year Make Model Search for WooCommerce plugin <= 1.0.11 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability | EPSS 0.1%
CVE-2025-54041 | MEDIUM | WordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-54030 | MEDIUM | WordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-14165 | MEDIUM | Kirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings Update | EPSS 0.1%
CVE-2026-1673 | MEDIUM | BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion | EPSS 0.1%
CVE-2025-62890 | MEDIUM | WordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-32545 | HIGH | WordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.1%
CVE-2025-47648 | HIGH | WordPress Pays – WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2026-3589 | HIGH | WooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRF | EPSS 0.1%
CVE-2025-48342 | MEDIUM | WordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-48284 | MEDIUM | WordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2026-8904 | MEDIUM | FastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings Save | EPSS 0.1%
CVE-2025-13924 | MEDIUM | Advanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and Publication | EPSS 0.1%