woocommerce

Top products

The 15 most recently published vulnerabilities affecting woocommerce.

• CVE-2022-50972WooCommerce 7.1.0 Remote Code Execution via class-wc-meta-box-product-images.php9.8Jun 20, 2026
• CVE-2026-2381WooCommerce Stripe Payment Gateway <= 10.7.0 - Missing Authorization to Unauthenticated Order Status Manipulation via 'order' Parameter6.5Jun 16, 2026
• CVE-2026-9284WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure8.2May 23, 2026
• CVE-2026-1710WooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajax6.5Mar 31, 2026
• CVE-2025-13457WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id7.5Jan 10, 2026
• CVE-2025-5062WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting6.1May 22, 2025
• CVE-2024-10486Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File5.3Nov 18, 2024
• CVE-2020-36841WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation5.3Oct 16, 2024
• CVE-2017-20193Product Vendors <= 2.0.35 - Reflected Cross Site Scripting4.7Oct 16, 2024
• CVE-2024-9944WooCommerce <= 9.0.2 - Unauthenticated HTML Injection5.3Oct 15, 2024
• CVE-2023-35049WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability7.5Jun 19, 2024
• CVE-2023-51495WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability6.5Jun 14, 2024
• CVE-2023-51496WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability5.3Jun 14, 2024
• CVE-2023-51497WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability5.4Jun 14, 2024
• CVE-2024-37297WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms5.4Jun 12, 2024