Filtered by vendor: Automattic
Filtered by product: Woocommerce
Total: 10 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49042 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-10-30 | 5.9 Medium | 
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce woocommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 10.0.2. | ||||
| CVE-2023-7320 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-10-30 | 5.3 Medium | 
| The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII (Personal Identifiable Information). | ||||
| CVE-2024-22155 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-08-26 | 4.3 Medium | 
| Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.5.2. | ||||
| CVE-2024-39666 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-07-13 | 5.9 Medium | 
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 9.1.2. | ||||
| CVE-2024-35777 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-07-13 | 3.5 Low | 
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing. This issue affects WooCommerce: from n/a through 8.9.2. | ||||
| CVE-2025-26762 | 2 Automattic, Wordpress | 2 Woocommerce, Wordpress | 2025-07-12 | 5.9 Medium | 
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce allows Stored XSS. This issue affects WooCommerce: from n/a through 9.7.0. | ||||
| CVE-2024-1310 | 1 Automattic | 1 Woocommerce | 2025-05-27 | 4.9 Medium | 
| The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to (e.g. private, draft and trashed products). | ||||
| CVE-2017-17058 | 1 Automattic | 1 Woocommerce | 2025-04-20 | 7.5 High | 
| The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code | ||||
| CVE-2023-47777 | 1 Automattic | 2 Woocommerce, Woocommerce Blocks | 2024-11-21 | 6.5 Medium | 
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS. This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. | ||||
| CVE-2024-10486 | 1 Automattic | 1 Woocommerce | 2024-11-19 | 5.3 Medium | 
| The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | ||||