
woocommerce — Vulnerabilities & Security Advisories 47

Browse all 47 CVE security advisories affecting woocommerce. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WooCommerce is an open-source e-commerce plugin for WordPress, enabling merchants to build and manage online stores. Its widespread adoption has made it a frequent target for attackers, resulting in 47 recorded Common Vulnerabilities and Exposures. Historically, the software has been susceptible to critical flaw classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and Privilege Escalation. These vulnerabilities often stem from insufficient input validation or improper access controls within the plugin’s codebase. While the project maintains an active security team that regularly issues patches, the sheer volume of installed instances creates a large attack surface. Notable incidents have involved compromised admin accounts and data exfiltration, highlighting the risks associated with outdated versions. Users are strongly advised to keep the software updated to mitigate these persistent threats and ensure transactional integrity.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-32746 | WordPress WooCommerce Brands Plugin <= 1.6.45 is vulnerable to Cross Site Scripting (XSS) | WooCommerce Brands | CWE-79 | 6.5 | Medium | 2023-08-30 |
| CVE-2023-32793 | WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) | WooCommerce Pre-Orders | CWE-79 | 6.5 | Medium | 2023-08-30 |
| CVE-2023-32802 | WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) | WooCommerce Pre-Orders | CWE-79 | 7.1 | High | 2023-08-30 |
| CVE-2023-32801 | WordPress WooCommerce Composite Products Plugin <= 8.7.5 is vulnerable to Cross Site Scripting (XSS) | Composite Products | CWE-79 | 7.1 | High | 2023-08-30 |
| CVE-2023-37873 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Scripting (XSS) | Shipping Multiple Addresses | CWE-79 | 7.1 | High | 2023-08-05 |
| CVE-2023-36514 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) | Shipping Multiple Addresses | CWE-352 | 6.5 | Medium | 2023-07-17 |
| CVE-2023-36513 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) | AutomateWoo | CWE-352 | 5.4 | Medium | 2023-07-17 |
| CVE-2023-36511 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce Order Barcodes | CWE-352 | 4.3 | Medium | 2023-07-17 |
| CVE-2023-35880 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce Brands | CWE-352 | 5.4 | Medium | 2023-07-17 |
| CVE-2023-35917 | WordPress WooCommerce PayPal Payments Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce PayPal Payments | CWE-352 | 4.3 | Medium | 2023-06-22 |
| CVE-2023-35918 | WordPress WooCommerce Bulk Stock Management Plugin <= 2.2.33 is vulnerable to Cross Site Scripting (XSS) | Bulk Stock Management | CWE-79 | 7.1 | High | 2023-06-22 |
| CVE-2023-34000 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce Stripe Payment Gateway | CWE-639 | 7.5 | High | 2023-06-14 |
| CVE-2023-33332 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS) | WooCommerce Product Vendors | CWE-79 | 7.1 | High | 2023-05-28 |
| CVE-2023-33319 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS) | WooCommerce Follow-Up Emails (AutomateWoo) | CWE-79 | 7.1 | High | 2023-05-28 |
| CVE-2023-33316 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) | WooCommerce Follow-Up Emails (AutomateWoo) | CWE-352 | 5.4 | Medium | 2023-05-28 |
| CVE-2021-32790 | Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint | woocommerce | CWE-89 | 4.9 | Medium | 2021-07-26 |
| CVE-2021-32789 | Arbitrary SQL (SQL injection) possible via the Store API component. | woocommerce-gutenberg-products-block | CWE-89 | 7.5 | High | 2021-07-26 |

This page lists every published CVE security advisory associated with woocommerce. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.