Known Vulnerabilities for products from WooCommerce
Listed below are 20 of the newest known vulnerabilities associated with the vendor "WooCommerce".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-39671 json | Not Provided | 2026-04-08 | 2026-04-29 | |
| CVE-2026-39668 json | Not Provided | 2026-04-08 | 2026-04-08 | |
| CVE-2026-39662 json | Not Provided | 2026-04-08 | 2026-04-29 | |
| CVE-2026-39656 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39645 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39643 json | Not Provided | 2026-04-08 | 2026-04-13 | |
| CVE-2026-39542 json | Not Provided | 2026-04-08 | 2026-04-14 | |
| CVE-2026-39508 json | Not Provided | 2026-04-08 | 2026-04-10 | |
| CVE-2026-39501 json | Not Provided | 2026-04-08 | 2026-04-10 | |
| CVE-2026-39497 json | Not Provided | 2026-04-08 | 2026-04-10 | |
| CVE-2024-27193 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India p... | Not Provided | 2024-03-15 | 2026-04-23 |
| CVE-2024-24799 json | Missing Authorization vulnerability in WooCommerce WooCommerce Box Office.This issue affects WooCommerce Box Office: from n/a... | Not Provided | 2024-03-26 | 2026-04-28 |
| CVE-2023-52222 json | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.... | Not Provided | 2024-01-08 | 2026-04-28 |
| CVE-2023-44999 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooComme... | Not Provided | 2024-03-27 | 2026-04-28 |
| CVE-2023-37873 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versio... | 6.1 - MEDIUM | 2023-08-05 | 2023-08-09 |
| CVE-2023-36514 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | 8.8 - HIGH | 2023-07-17 | 2023-07-27 |
| CVE-2023-36513 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. | 8.8 - HIGH | 2023-07-17 | 2023-07-27 |
| CVE-2023-36511 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. | 8.8 - HIGH | 2023-07-17 | 2023-07-27 |
| CVE-2023-35918 json | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. | 6.1 - MEDIUM | 2023-06-22 | 2023-06-28 |
| CVE-2023-35917 json | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. | 8.8 - HIGH | 2023-06-22 | 2023-06-28 |
Known software with vulnerabilities from WooCommerce
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Woocommerce | Gift Cards | 3.0.2 |
| Application | Woocommerce | Nab Transact | 2.1.0 |
| Application | Woocommerce | Paypal Checkout | 0.1.0 |
| Application | Woocommerce | Paypal Checkout Payment Gateway | 1.5.2 |
| Application | Woocommerce | Payu India Payment Gateway | 1.0 |
| Application | Woocommerce | Persian Woocommerce Sms | - |
| Application | Woocommerce | Subscriptions | - |
| Application | Woocommerce | Woocommerce | 1.0 |