Filtered by vendor Woocommerce
Filtered by product Woocommerce
Total: 205 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2019-9168 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | WooCommerce before 3.5.5 allows XSS via a Photoswipe caption. |
| CVE-2019-20891 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 8.8 High | WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php. |
| CVE-2018-20714 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin. |
| CVE-2017-18356 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes. |
| CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A | Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. |