WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1,882
Sites using it: 591,334
Under active exploitation: 0
Critical: 160

Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average of the KEV catalog, with no confirmed entries at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,060 results

CVE-2026-32410 [MEDIUM] WordPress WBW Currency Switcher for WooCommerce plugin <= 2.2.5 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2026-39662 [MEDIUM] WordPress Product Price by Formula for WooCommerce plugin <= 2.5.6 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2025-31807 [MEDIUM] WordPress Product Notices for WooCommerce plugin <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2024-12383 [MEDIUM] Binary MLM Woocommerce <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting (EPSS 0.2%)
CVE-2025-13391 [MEDIUM] Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion (EPSS 0.2%)
CVE-2026-6725 [MEDIUM] WPC Smart Messages for WooCommerce <= 4.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute (EPSS 0.2%)
CVE-2025-24647 [MEDIUM] WordPress WooCommerce Cloak Affiliate Links plugin <= 1.0.35 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2025-7827 [MEDIUM] Ni WooCommerce Customer Product Report <= 1.2.4 - Missing Authorization to Authenticated (Subscriber+) Settings Update (EPSS 0.2%)
CVE-2024-31943 [MEDIUM] WordPress USPS Shipping for WooCommerce plugin <= 1.9.2 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2024-38691 [MEDIUM] WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2025-22638 [MEDIUM] WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2026-24625 [MEDIUM] WordPress File Uploads Addon for WooCommerce plugin <= 1.7.3 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2026-24366 [MEDIUM] WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2025-12095 [HIGH] Simple Registration for WooCommerce <= 1.5.8 - Cross-Site Request Forgery to Privilege Escalation via Role Request Approval (EPSS 0.2%)
CVE-2025-49908 [MEDIUM] WordPress WPC Countdown Timer for WooCommerce plugin <= 3.1.4 - Cross Site Scripting (XSS) vulnerability (EPSS 0.2%)
CVE-2025-63024 [MEDIUM] WordPress Order Delivery Date for WooCommerce plugin <= 4.3.1 - Broken Access Control vulnerability (EPSS 0.2%)
CVE-2024-47634 [MEDIUM] WordPress CartBounty plugin <= 8.2 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2025-30801 [MEDIUM] WordPress TWB Woocommerce Reviews plugin <= 1.7.7 - Cross Site Request Forgery (CSRF) vulnerability (EPSS 0.2%)
CVE-2024-12218 [MEDIUM] Woocommerce check pincode/zipcode for shipping <= 2.0.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting (EPSS 0.2%)
CVE-2025-63015 [MEDIUM] WordPress WooCommerce Payment Gateway – Paysera plugin <= 3.10.0 - Broken Access Control vulnerability (EPSS 0.2%)
