WooCommerce

Information

Software Type: Plugin
Software Slug: woocommerce
Software Status: Active
Software Author: woothemes
Software Website: woocommerce.com
Software Downloads: 348,677,811
Software Active Installs: 8,000,000
Software Record Last Updated: November 21, 2024

Showing 21-39 of 39 Vulnerabilities

| Title | Status | CVE ID | CVSS | Researchers | Date |
| --- | --- | --- | --- | --- | --- |
| WooCommerce < 4.7.0 - Insecure Direct Object Reference via order_id Parameter | Patched | CVE-2020-29156 | 5.3 | Ko-kn3t | January 21, 2020 |
| WooCommerce <= 3.6.4 - Missing File Type Validation | Patched | | 7.2 | | July 2, 2019 |
| WooCommerce <= 3.6.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting | Patched | | 8.8 | DENNIS BRINKROLF | July 2, 2019 |
| WooCommerce <= 3.5.4 - Stored Cross-Site Scripting | Patched | CVE-2019-9168 | 6.1 | Zhouyuan Yang | February 20, 2019 |
| WooCommerce <= 3.5.1 - Authenticated Stored Cross-Site Scripting | Patched | | 5.5 | Karim El Ouerghemmi | November 29, 2018 |
| WooCommerce <= 3.4.5 - WooCommerce File Deletion | Patched | CVE-2018-20714 | 7.2 | Simon Scannell, Karim El Ouerghemmi, Slavco Mihajloski | November 6, 2018 |
| WooCommerce <= 3.4.4 - Authenticated PHP Object Injection | Patched | | 6.6 | | August 29, 2018 |
| WooCommerce <= 3.2.3 - Authenticated PHP Object Injection | Patched | CVE-2017-18356 | 8.8 | | November 16, 2017 |
| WooCommerce <= 2.6.8 - Authenticated Stored Cross-Site Scripting | Patched | CVE-2016-10112 | 5.5 | | December 7, 2016 |
| WooCommerce <= 2.6.3 - Stored Cross-Site Scripting via REST-API | Patched | | 6.4 | Sipke Mellema | July 26, 2016 |
| WooCommerce <= 2.6.2 - Stored Cross-Site Scripting | Patched | | 6.4 | Han Sahin | July 19, 2016 |
| WooCommerce < 2.4.9 - Cross-site Scripting | Patched | | 5.5 | Zhouyuan Yang | November 17, 2015 |
| WooCommerce <= 2.3.10 - PHP Object Injection | Patched | | 7.5 | | June 10, 2015 |
| WooCommerce <= 2.3.5 - Stored Cross-Site Scripting | Patched | CVE-2015-2329 | 7.2 | | March 13, 2015 |
| WooCommerce <= 2.2.10 - Cross-Site Scripting | Patched | CVE-2015-2069 | 6.1 | | January 29, 2015 |
| WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting | Patched | | 6.1 | Tom Adams | September 17, 2014 |
| WooCommerce <= 2.2.2 - Cross-Site Scripting via range Parameter | Patched | CVE-2014-6313 | 7.3 | dwxsupport | September 15, 2014 |
| WooCommerce <= 2.0.17 - Cross-Site Scripting | Patched | | 6.1 | Gjoko Krstic | October 17, 2013 |
| WooCommerce <= 2.0.12 - Self-Reflected Cross-Site Scripting | Patched | | 6.1 | Mirza Burhan Baig | July 18, 2013 |
