Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Woo — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting Woo. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Woo is an e-commerce platform enabling businesses to create online stores with payment processing and inventory management. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure default configurations. The platform has faced multiple security incidents, including a 2020 vulnerability affecting over 3 million sites that allowed unauthorized access to customer data. Despite regular security updates, the persistent number of CVEs indicates ongoing challenges in maintaining secure default configurations and proper access controls across its extensive plugin ecosystem.

Top products by Woo: WooCommerce Warranty Requests WooCommerce Product Vendors WooCommerce Ship to Multiple Addresses WooCommerce Box Office WooCommerce Canada Post Shipping AutomateWoo WooCommerce Subscriptions
CVE IDTitleCVSSSeverityPublished
CVE-2023-50850 WordPress Woo Subscriptions plugin < 5.8.0 - Broken Access Control vulnerability — WooCommerce SubscriptionsCWE-862 4.3 Medium2024-12-31
CVE-2023-37872 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.5 - Broken Access Control vulnerability — WooCommerce Ship to Multiple AddressesCWE-862 6.5 Medium2024-06-19
CVE-2023-36512 WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability — AutomateWooCWE-862 6.5 Medium2024-06-19
CVE-2023-37870 WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability — WooCommerce Warranty RequestsCWE-862 8.1 High2024-06-19
CVE-2023-51495 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability — WooCommerce Warranty RequestsCWE-862 6.5 Medium2024-06-14
CVE-2023-51496 WordPress WooCommerce Warranty Requests plugin <= 2.2.7 - Broken Access Control vulnerability — WooCommerce Warranty RequestsCWE-862 5.3 Medium2024-06-14
CVE-2023-51497 WordPress WooCommerce Ship to Multiple Addresses plugin <= 3.8.9 - Broken Access Control vulnerability — WooCommerce Ship to Multiple AddressesCWE-862 5.4 Medium2024-06-14
CVE-2023-51498 WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability — WooCommerce Canada Post ShippingCWE-862 5.3 Medium2024-06-11
CVE-2023-52186 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability — WooCommerce Product VendorsCWE-862 5.3 Medium2024-06-11
CVE-2023-34003 WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability — WooCommerce Box OfficeCWE-862 6.5 Medium2024-06-09
CVE-2023-51494 WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability — WooCommerce Product VendorsCWE-862 5.3 Medium2024-06-09

This page lists every published CVE security advisory associated with Woo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.