WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1.871
Sites using it: 591,334
Under active exploitation: 0
Critical: 159
Vexday Analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high pace of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entry at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,057 results

CVE-2026-1906 | MEDIUM | PDF Invoices & Packing Slips for WooCommerce <= 5.6.0 - Missing Authorization to Authenticated (Subscriber+) Peppol Identifier Modification | EPSS 0.3%
CVE-2025-1064 | MEDIUM | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode | EPSS 0.3%
CVE-2025-11237 | MEDIUM | Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update | EPSS 0.3%
CVE-2025-60159 | MEDIUM | WordPress Nota Fiscal Eletrônica WooCommerce plugin <= 3.4.0.9 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-1316 | HIGH | Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter | EPSS 0.3%
CVE-2025-60247 | MEDIUM | WordPress Bux Woocommerce plugin <= 1.2.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-11742 | MEDIUM | WPC Smart Wishlist for WooCommerce <= 5.0.4 - Missing Authorization to Authenticated (Subscriber+) Information Exposure | EPSS 0.3%
CVE-2025-68834 | HIGH | WordPress Sync Master Sheet – Product Sync with Google Sheet for WooCommerce plugin <= 1.1.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-13457 | HIGH | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id | EPSS 0.3%
CVE-2025-14033 | MEDIUM | ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure | EPSS 0.3%
CVE-2025-12545 | MEDIUM | Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more <= 1.49.2 - Unauthenticated Information Exposure | EPSS 0.3%
CVE-2020-37174 | MEDIUM | WOOF / Products Filter Professional for WooCommerce 1.2.3 Persistent XSS | EPSS 0.3%
CVE-2025-15147 | MEDIUM | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment | EPSS 0.3%
CVE-2022-46812 | MEDIUM | WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2022-41635 | MEDIUM | WordPress Advanced Shipment Tracking for WooCommerce Plugin <= 3.5.2 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2022-45367 | MEDIUM | WordPress Custom Order Numbers for WooCommerce Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2022-45372 | MEDIUM | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2023-47787 | MEDIUM | WordPress WooCommerce Bookings Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2025-14436 | HIGH | Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.3%
CVE-2025-32241 | MEDIUM | WordPress Official CleverReach WooCommerce Integration plugin <= 3.4.6 - CSRF to Settings Change vulnerability | EPSS 0.3%
