Browse all 11 CVE security advisories affecting Woo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Woo is an e-commerce platform enabling businesses to create online stores with payment processing and inventory management. Historically, it has been susceptible to various vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure default configurations. The platform has faced multiple security incidents, including a 2020 vulnerability affecting over 3 million sites that allowed unauthorized access to customer data. Despite regular security updates, the persistent number of CVEs indicates ongoing challenges in maintaining secure default configurations and proper access controls across its extensive plugin ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-34003 | WordPress WooCommerce Box Office plugin <= 1.1.51 - Unauthenticated Save Ticket Barcode vulnerability — WooCommerce Box OfficeCWE-862 | 6.5 | Medium | 2024-06-09 |
This page lists every published CVE security advisory associated with Woo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.