CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Woocommerce Subscriptions

Total 72 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-49817	1 Woocommerce	1 Checkout Field Editor	2024-12-09	8.2 High
Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocommerce Checkout Field Editor: from n/a through 2.0.1.
CVE-2023-49194	1 Woocommerce	1 Dropshipping	2024-12-09	5.3 Medium
Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4.
CVE-2024-10567	1 Woocommerce	1 Woocommerce	2024-12-04	7.5 High
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates.
CVE-2015-10104	1 Woocommerce	1 Icons For Features	2024-11-22	3.5 Low
A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.
CVE-2024-37297	1 Woocommerce	1 Woocommerce	2024-11-21	5.4 Medium
WooCommerce is an open-source e-commerce platform built on WordPress. A vulnerability introduced in WooCommerce 8.8 allows for cross-site scripting. A bad actor can manipulate a link to include malicious HTML & JavaScript content. While the content is not saved to the database, the links may be sent to victims for malicious purposes. The injected JavaScript could hijack content & data stored in the browser, including the session. The URL content is read through the `Sourcebuster.js` library and then inserted without proper sanitization to the classic checkout and registration forms. Versions 8.8.5 and 8.9.3 contain a patch for the issue. As a workaround, one may disable the Order Attribution feature.
CVE-2023-52222	1 Woocommerce	1 Woocommerce	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
CVE-2023-51497	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	5.4 Medium
Missing Authorization vulnerability in Woo WooCommerce Ship to Multiple Addresses.This issue affects WooCommerce Ship to Multiple Addresses: from n/a through 3.8.9.
CVE-2023-51496	1 Woocommerce	1 Returns And Warranty Requests	2024-11-21	5.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
CVE-2023-51495	1 Woocommerce	1 Returns And Warranty Requests	2024-11-21	6.5 Medium
Missing Authorization vulnerability in Woo WooCommerce Warranty Requests.This issue affects WooCommerce Warranty Requests: from n/a through 2.2.7.
CVE-2023-51494	1 Woocommerce	1 Product Vendors	2024-11-21	5.3 Medium
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1.
CVE-2023-3508	1 Woocommerce	1 Woocommerce Pre-orders	2024-11-21	6.5 Medium
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks
CVE-2023-3507	1 Woocommerce	1 Woocommerce Pre-orders	2024-11-21	6.5 Medium
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack
CVE-2023-37873	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36514	1 Woocommerce	1 Shipping Multiple Addresses	2024-11-21	6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVE-2023-36513	1 Woocommerce	1 Automatewoo	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVE-2023-36511	1 Woocommerce	1 Woocommerce Order Barcodes	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVE-2023-35918	1 Woocommerce	1 Bulk Stock Management	2024-11-21	7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
CVE-2023-35917	1 Woocommerce	1 Paypal Payments	2024-11-21	4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
CVE-2023-35880	1 Woocommerce	1 Brands	2024-11-21	5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
CVE-2023-34004	1 Woocommerce	1 Woocommerce Box Office	2024-11-21	6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.

Page 1 of 4. next last »