Known Vulnerabilities for products from Woocommerce

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Woocommerce".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-39671 json Not Provided 2026-04-08 2026-04-13
CVE-2026-39668 json Not Provided 2026-04-08 2026-04-08
CVE-2026-39662 json Not Provided 2026-04-08 2026-04-09
CVE-2026-39656 json Not Provided 2026-04-08 2026-04-13
CVE-2026-39645 json Not Provided 2026-04-08 2026-04-13
CVE-2026-39643 json Not Provided 2026-04-08 2026-04-13
CVE-2026-39542 json Not Provided 2026-04-08 2026-04-14
CVE-2026-39508 json Not Provided 2026-04-08 2026-04-10
CVE-2026-39501 json Not Provided 2026-04-08 2026-04-10
CVE-2026-39497 json Not Provided 2026-04-08 2026-04-10
CVE-2024-27193 json Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU India PayU India p... Not Provided 2024-03-15 2026-04-23
CVE-2023-37873 json Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versio... 6.1 - MEDIUM 2023-08-05 2023-08-09
CVE-2023-36514 json Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. 8.8 - HIGH 2023-07-17 2023-07-27
CVE-2023-36513 json Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. 8.8 - HIGH 2023-07-17 2023-07-27
CVE-2023-36511 json Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. 8.8 - HIGH 2023-07-17 2023-07-27
CVE-2023-35918 json Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions. 6.1 - MEDIUM 2023-06-22 2023-06-28
CVE-2023-35917 json Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. 8.8 - HIGH 2023-06-22 2023-06-28
CVE-2023-35880 json Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. 8.8 - HIGH 2023-07-17 2023-07-26
CVE-2023-34004 json Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 ... 5.4 - MEDIUM 2023-08-30 2023-09-01
CVE-2023-34000 json Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions. 7.5 - HIGH 2023-06-14 2023-06-21
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Woocommerce

Type Vendor Product Version
ApplicationWoocommerceGift Cards3.0.2
ApplicationWoocommerceNab Transact2.1.0
ApplicationWoocommercePaypal Checkout0.1.0
ApplicationWoocommercePaypal Checkout Payment Gateway1.5.2
ApplicationWoocommercePayu India Payment Gateway1.0
ApplicationWoocommercePersian Woocommerce Sms-
ApplicationWoocommerceSubscriptions-
ApplicationWoocommerceWoocommerce1.0