CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9944 – WooCommerce <= 9.0.2 - Unauthenticated HTML Injection
https://notcve.org/view.php?id=CVE-2024-9944
14 Oct 2024 — The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions. • https://github.com/woocommerce/woocommerce/pull/49370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39666 – WordPress WooCommerce plugin <= 9.1.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-39666
16 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2. The WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 9.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that w... • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-9-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35777 – WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-35777
27 Jun 2024 — Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2. Neutralización inadecuada de elementos especiales en la salida utilizados por una vulnerabilidad de componente posterior ('Injection') en Automattic WooCommerce permite la suplantación de contenido. Este problema afecta a WooCommerce: desde n/a hasta 8.9.2. The WooCommerce plugin for WordPres... • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-9-2-content-injection-vulnerability?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22155 – WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-22155
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.5.2. The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.5.2. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1310 – WooCommerce < 8.6 - Contributor+ Private/Draft Products Access
https://notcve.org/view.php?id=CVE-2024-1310
25 Mar 2024 — The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) El complemento WooCommerce WordPress anterior a 8.6 no impide que los usuarios con al menos el rol de colaborador filtren productos a los que no deberían tener acceso. (por ejemplo, productos privados, borradores y desechados) The WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due t... • https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52222 – WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-52222
05 Jan 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Automattic WooCommerce. Este problema afecta a WooCommerce: desde n/a hasta 8.2.2. The WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.2. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-47777 – WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-47777
15 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Scripting entre sitios') en Automattic WooCommerce, Automattic WooCommerce Blocks permite XSS almacenado. Este problema afecta a WooCommerce... • https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25788 – WordPress Saphali Woocommerce Lite Plugin <= 1.8.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25788
26 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Saphali Saphali Woocommerce Lite en versiones <= 1.8.13. The Saphali Woocommerce Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.13. This is due to missing or incorrect nonce validation on the 'woocommerce_saphali_page_s_l' function. This makes it possible for unauthe... • https://patchstack.com/database/vulnerability/saphali-woocommerce-lite/wordpress-saphali-woocommerce-lite-plugin-1-8-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32575 – WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-32575
12 May 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenada en Product page shipping calculator for WooCommerce de PI Websolution que afecta a las versiones 1.3.25 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Product page shipping calculator for WooCommerce plugin for WordPres... • https://patchstack.com/database/vulnerability/product-page-shipping-calculator-for-woocommerce/wordpress-product-page-shipping-calculator-for-woocommerce-plugin-1-3-25-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2099 – WooCommerce < 6.6.0 - Admin+ Stored HTML Injection
https://notcve.org/view.php?id=CVE-2022-2099
20 Jun 2022 — The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles El plugin WooCommerce de WordPress versiones anteriores a 6.6.0 es vulnerable a la inyección de HTML almacenado debido a la falta de escape y sanitización en los títulos de la pasarela de pago The WooCommerce plugin for WordPress is vulnerable to Stored HTML Injection via payment gateway titles in versions up to 6.6.0 due to insufficient input sanitization... • https://wpscan.com/vulnerability/0316e5f3-3302-40e3-8ff4-be3423a3be7b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-116: Improper Encoding or Escaping of Output •