WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1,859
Sites using it: 591,334
Under exploitation: 0
Critical: 159

Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a significant volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high pace of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that requires continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to be addressed in any remediation plan.

CVEs

2,053 results

CVE-2025-7689 | HIGH | Hydra Booking 1.1.0 - 1.1.18 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via tfhb_reset_password_callback Function | EPSS 0.3%
CVE-2025-31795 | MEDIUM | WordPress Shopify to WooCommerce Migration plugin <= 1.3.0 - Settings Change vulnerability | EPSS 0.3%
CVE-2025-57922 | MEDIUM | WordPress Envíos Coordinadora Woocommerce plugin <= 1.1.32 - Sensitive Data Exposure vulnerability | EPSS 0.3%
CVE-2024-10365 | MEDIUM | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | EPSS 0.3%
CVE-2024-32584 | MEDIUM | WordPress TeraWallet plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-1689 | MEDIUM | WooCommerce Tools <= 1.2.9 - Missing Authorization to Authenticated (Subscriber+) Plugin Module Deactivation | EPSS 0.3%
CVE-2024-31255 | HIGH | WordPress ELEX WooCommerce Dynamic Pricing and Discounts plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-24878 | HIGH | WordPress Portugal CTT Tracking for WooCommerce plugin <= 2.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-33949 | MEDIUM | WordPress Min and Max Purchase for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-5039 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | EPSS 0.3%
CVE-2024-4450 | MEDIUM | AliExpress Dropshipping with AliNext Lite <= 3.3.6 - Missing Authorization via Several Functions | EPSS 0.3%
CVE-2024-11378 | MEDIUM | Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting | EPSS 0.3%
CVE-2024-9531 | MEDIUM | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending | EPSS 0.3%
CVE-2025-32593 | HIGH | WordPress Add Product Frontend for WooCommerce plugin <= 1.0.8 - Arbitrary Content Deletion vulnerability | EPSS 0.3%
CVE-2024-54333 | HIGH | WordPress Check Pincode For Woocommerce plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-54328 | HIGH | WordPress Invoice Payment for WooCommerce plugin <= 1.7.2 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-9165 | MEDIUM | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | EPSS 0.3%
CVE-2024-10233 | MEDIUM | SMSAlert - WooCommerce <= 3.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_subscribe Shortcode | EPSS 0.3%
CVE-2023-5230 | MEDIUM | TM WooCommerce Compare & Wishlist <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | EPSS 0.3%
CVE-2024-2785 | MEDIUM | The Plus Addons for Elementor <= 5.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Age Gate | EPSS 0.3%
