WooCommerce Exposure

Ecommerce, WordPress plugins
1.859
exposure score
591,334
sites using it
0
under exploitation
159
critical
Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a significant volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent weakness type is CWE-79 (Cross-Site Scripting), a pattern that requires continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,053 results

CVE-2023-51679 | MEDIUM | WordPress BulkGate SMS Plugin for WooCommerce plugin <= 3.0.2 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-1370 | MEDIUM | SIBS - WooCommerce <= 2.2.0 - Authenticated (Admin+) SQL Injection via 'referencedId' Parameter | EPSS 0.3%
CVE-2024-8667 | MEDIUM | HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce <= 2.10.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Publication | EPSS 0.3%
CVE-2025-49887 | CRITICAL | WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability | EPSS 0.3%
CVE-2025-69052 | CRITICAL | WordPress Registration & Login with Mobile Phone Number for WooCommerce plugin <= 1.3.1 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2023-37894 | HIGH | WordPress Variation Images Gallery for WooCommerce Plugin <= 2.3.3 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-46076 | HIGH | WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-37975 | HIGH | WordPress Variation Swatches for WooCommerce Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-46094 | HIGH | WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2023-45006 | HIGH | WordPress WooODT Lite Plugin <= 2.4.6 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.3%
CVE-2024-35728 | MEDIUM | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability | EPSS 0.3%
CVE-2025-69045 | HIGH | WordPress FooEvents for WooCommerce plugin <= 1.20.4 - SQL Injection vulnerability | EPSS 0.3%
CVE-2025-49379 | HIGH | WordPress Custom Fields Account Registration For Woocommerce plugin <= 1.2 - Privilege Escalation vulnerability | EPSS 0.3%
CVE-2023-6494 | MEDIUM | WPC Smart Quick View for WooCommerce <= 4.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-6799 | MEDIUM | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation | EPSS 0.3%
CVE-2024-5192 | MEDIUM | Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells <= 3.3.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload | EPSS 0.3%
CVE-2024-35680 | MEDIUM | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability | EPSS 0.3%
CVE-2026-56027 | CRITICAL | WordPress Booster for WooCommerce plugin <= 8.0.1 - Arbitrary File Upload vulnerability | EPSS 0.3%
CVE-2026-2554 | HIGH | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.25 - Authenticated (Vendor+) Insecure Direct Object Reference to Arbitrary User Deletion | EPSS 0.3%
CVE-2025-62015 | HIGH | WordPress Advanced Coupons for WooCommerce Coupons plugin <= 4.6.8 - SQL Injection vulnerability | EPSS 0.3%
