Exposição de WooCommerce

Ecommerce, WordPress plugins

1.859

score de exposição

591.334

sites usam

0

em exploração

159

críticos

Análise Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2.053 resultados

CVE-2025-32524HIGHWordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-32523HIGHWordPress WooCommerce – Payphone Gateway plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2021-4409MEDIUMWooCommerce Etsy Integration <= 3.3.1 - Cross-Site Request Forgery BypassEPSS 0.3%CVE-2025-54692HIGHWordPress Membership For WooCommerce Plugin <= 2.9.0 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-13793HIGHWolmart | Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmoreEPSS 0.3%CVE-2025-32207MEDIUMWordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-12861MEDIUMW2S – Migrate WooCommerce to Shopify <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File ReadEPSS 0.3%CVE-2025-32181MEDIUMWordPress Search, Filters & Merchandising for WooCommerce plugin <= 3.0.58 - Stored Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-24657MEDIUMWordPress Wishlist for WooCommerce plugin <=2.1.2 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-24668MEDIUMWordPress PPOM for WooCommerce plugin <= 33.0.8 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-24681MEDIUMWordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-31854MEDIUMWordPress Simple Sticky Add To Cart For WooCommerce plugin <= 1.4.9 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-31866MEDIUMWordPress ShipDepot for WooCommerce plugin <= 1.2.19 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-23967CRITICALWordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection VulnerabilityEPSS 0.3%CVE-2025-24773CRITICALWordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - SQL Injection VulnerabilityEPSS 0.3%CVE-2025-30906HIGHWordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-31117MEDIUMWordPress WooCommerce Bookings Calendar plugin <= 1.0.36 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2024-12266MEDIUMELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing AuthorizationEPSS 0.3%CVE-2024-2946MEDIUMShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.8.4 - Authenticated (Contributor+) Stored Cross-site Scripting via QR Code WidgetEPSS 0.3%CVE-2024-33585MEDIUMWordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 2.12.1 - Broken Access Control vulnerabilityEPSS 0.3%

← anteriorpágina 52 / 103próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →