Woocommerce/woocommerce
This hub aggregates every CVE we track for Woocommerce/woocommerce, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
- MEDIUM: 4
- HIGH: 1
Monthly trend
[Chart: monthly values from 2024-07 to 2026-06; every value shown is 0]
Latest CVEs
The 5 most recently published vulnerabilities affecting Woocommerce/woocommerce.
- CVE-2024-37297: WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms (score 5.4)
- CVE-2022-2099: WooCommerce < 6.6.0 - Admin+ Stored HTML Injection (score 4.8)
- CVE-2021-24323: Woocommerce < 5.2.0 - Authenticated Stored Cross-Site Scripting (XSS) (score 4.8)
- CVE-2020-29156: The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action. (score 5.3)
- CVE-2019-20891: WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-... (score 8.8)
Product normalization is registry-driven with AI assist and human review.