WooCommerce Exposure

Ecommerce, WordPress plugins
1,882 exposure score
591,334 sites using it
0 under active exploitation
160 critical
Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The rate of active exploitation is below the overall average of the KEV catalog, with no confirmed entries at the moment, although this does not eliminate operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,060 results
CVE-2026-1455 | MEDIUM | Whatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX Action | EPSS 0.1%
CVE-2025-62005 | HIGH | WordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2026-57635 | MEDIUM | WordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-53569 | MEDIUM | WordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-53271 | HIGH | WordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS Vulnerability | EPSS 0.1%
CVE-2025-62957 | HIGH | WordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-64290 | MEDIUM | WordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-48144 | HIGH | WordPress Import Export For WooCommerce plugin <= 1.6.2 - CSRF to Stored XSS vulnerability | EPSS 0.1%
CVE-2025-52783 | HIGH | WordPress Change Cart button Colors WooCommerce plugin <= 1.0 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2022-47150 | MEDIUM | WordPress WooCommerce Conversion Tracking plugin <= 2.0.10 - Cross-Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2026-32443 | MEDIUM | WordPress Product Feed PRO for WooCommerce plugin <= 13.5.2 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-60171 | HIGH | WordPress Conditional Cart Messages for WooCommerce – YourPlugins.com Plugin <= 1.2.10 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-60173 | HIGH | WordPress GST for WooCommerce Plugin <= 2.0 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2026-57637 | MEDIUM | WordPress Abandoned Cart Lite for WooCommerce plugin <= 6.8.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-58991 | HIGH | WordPress WooCommerce Booking Bundle Hours Plugin <= 0.7.4 - Cross Site Request Forgery (CSRF) Vulnerability | EPSS 0.1%
CVE-2025-12358 | MEDIUM | ShopEngine <= 4.8.5 - Cross-Site Request Forgery to Wishlist Manipulation | EPSS 0.1%
CVE-2026-39671 | HIGH | WordPress Extra Fees Plugin for WooCommerce plugin <= 4.3.3 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2025-12130 | MEDIUM | WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion | EPSS 0.1%
CVE-2025-62080 | MEDIUM | WordPress Live Shopping & Shoppable Videos For WooCommerce plugin <= 2.2.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%
CVE-2026-24365 | MEDIUM | WordPress Stock Manager for WooCommerce plugin < 3.6.0 - Cross Site Request Forgery (CSRF) vulnerability | EPSS 0.1%