WooCommerce Exposure

Ecommerce, WordPress plugins

Exposure score: 1,871
Sites using it: 591,334
Under exploitation: 0
Critical: 159

Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high pace of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entries at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent weakness type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,057 results
CVE-2025-6718 | HIGH | B1.lt for WooCommerce <= 2.2.57 - Missing Authorization to Authenticated (Subscriber+) Arbitrary SQL Injection | EPSS 0.3%
CVE-2024-12278 | HIGH | Booster for WooCommerce <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.3%
CVE-2024-47367 | HIGH | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-6458 | MEDIUM | WooCommerce Product Table Lite <= 3.5.1 - Missing Authorization to (Subscriber+) Stored Cross-Site Scripting | EPSS 0.3%
CVE-2025-58951 | CRITICAL | WordPress Advance Seat Reservation Management for WooCommerce plugin <= 3.1 - SQL Injection vulnerability | EPSS 0.3%
CVE-2026-25317 | HIGH | WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-15033 | MEDIUM | WooCommerce - Subscriber/Customer+ Order Data Disclosure | EPSS 0.3%
CVE-2023-35917 | MEDIUM | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2024-39652 | HIGH | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2026-0942 | MEDIUM | Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion | EPSS 0.3%
CVE-2023-4942 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | EPSS 0.3%
CVE-2026-42383 | HIGH | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability | EPSS 0.3%
CVE-2025-49265 | HIGH | WordPress Membership For WooCommerce plugin <= 2.8.1 - Broken Access Control Vulnerability | EPSS 0.3%
CVE-2026-45438 | HIGH | WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-13520 | MEDIUM | Gift Cards (Gift Vouchers and Packages) (WooCommerce Supported) <= 4.4.9 - Missing Authorization to Unauthenticated Price, Date, and Note Updates | EPSS 0.3%
CVE-2024-35730 | HIGH | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.3 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-37509 | HIGH | WordPress MakeCommerce for WooCommerce plugin <= 3.5.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-35733 | HIGH | WordPress Auto Coupons for WooCommerce plugin <= 3.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-53424 | MEDIUM | WordPress WooCommerce Orders & Customers Exporter plugin <= 5.4 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2023-4926 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Deletion | EPSS 0.3%
