Exposição de WooCommerce

Ecommerce, WordPress plugins

1.871

score de exposição

591.334

sites usam

0

em exploração

159

críticos

Análise Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2.057 resultados

CVE-2025-22363MEDIUMWordPress Allada T-shirt Designer for Woocommerce plugin <= 1.1 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2026-4094HIGHFOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration DeletionEPSS 0.3%CVE-2025-12955HIGHLive sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data ExposureEPSS 0.3%CVE-2025-30837HIGHWordPress WooCommerce Fattureincloud plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2025-30579HIGHWordPress Pesapal Gateway for Woocommerce plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.3%CVE-2026-42725MEDIUMWordPress Checkout Files Upload for WooCommerce plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.3%CVE-2026-3138MEDIUMProduct Filter for WooCommerce by WBW <= 3.1.2 - Missing Authorization to Unauthenticated Filter Data Deletion via TRUNCATE TABLEEPSS 0.3%CVE-2026-9243MEDIUMThe Plus Addons for Elementor <= 6.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'carousel_direction' ParameterEPSS 0.3%CVE-2024-12257MEDIUMCardGate Payments for WooCommerce <= 3.2.1 - Reflected Cross-Site ScriptingEPSS 0.3%CVE-2025-47472MEDIUMWordPress Music Player for WooCommerce plugin <= 1.5.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2023-4924MEDIUMBEAR <= 1.1.3.3 - Missing Authorization to Product DeletionEPSS 0.3%CVE-2025-24762MEDIUMWordPress TicketBAI Facturas para WooCommerce plugin <= 3.45 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47602MEDIUMWordPress Calculate Prices based on Distance For WooCommerce plugin <= 1.3.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-47526MEDIUMWordPress GS Variation Swatches for WooCommerce plugin <= 3.0.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-31000MEDIUMWordPress Payment QR WooCommerce plugin <= 1.1.6 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-29006MEDIUMWordPress Direct Checkout for WooCommerce Lite plugin <= 1.0.3 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-46489MEDIUMWordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2025-49320MEDIUMWordPress FraudLabs Pro for WooCommerce plugin <= 2.22.11 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2022-45376MEDIUMWordPress Side Cart Woocommerce (Ajax) Plugin < 2.1 is vulnerable to Cross Site Request Forgery (CSRF)EPSS 0.3%CVE-2025-57917MEDIUMWordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.4.8 - Broken Access Control vulnerabilityEPSS 0.3%

← anteriorpágina 69 / 103próxima →

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →