Browse all 5 CVE security advisories affecting XforWooCommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.
XforWooCommerce is a WordPress plugin designed to extend WooCommerce functionality with additional features. Historically, the plugin has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These vulnerabilities have allowed attackers to execute arbitrary code, steal sensitive data, and gain unauthorized administrative access. The plugin currently has five CVEs on record, highlighting ongoing security concerns. Notable incidents include vulnerabilities that could allow complete site takeover through insufficient input validation and improper access controls. Security researchers have consistently identified issues related to inadequate sanitization and permission checks, making it a target for attackers seeking to compromise e-commerce platforms.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-33628 | WordPress XforWooCommerce plugin <= 2.0.2 - Authenticated Local File Inclusion vulnerability — XforWooCommerceCWE-22 | 8.8 | High | 2024-06-04 |
This page lists every published CVE security advisory associated with XforWooCommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.