Exposure of WooCommerce
Ecommerce, WordPress plugins

1,776 exposure score
591,334 sites use
0 exploited
157 critical

CVEs
2,028 results

CVE-2023-28121 | — | An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on beha | EPSS 86.9%
CVE-2024-1698 | CRITICAL | NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection | EPSS 77.6%
CVE-2022-0412 | — | TI WooCommerce Wishlist < 1.40.1 - Unauthenticated Blind SQL Injection | EPSS 74.6%
CVE-2025-1661 | CRITICAL | HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion | EPSS 52.8%
CVE-2023-2986 | CRITICAL | Abandoned Cart Lite for WooCommerce <= 5.15.1 - Authentication Bypass | EPSS 42.8%
CVE-2022-0349 | — | NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection | EPSS 34.4%
CVE-2025-6440 | CRITICAL | WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload | EPSS 31.8%
CVE-2024-2340 | MEDIUM | Avada <= 7.11.6 - Unauthenticated Sensitive Information Exposure via Form Uploads Directory Listing | EPSS 28.0%
CVE-2022-1020 | — | Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call | EPSS 26.2%
CVE-2024-43917 | CRITICAL | WordPress TI WooCommerce Wishlist plugin <= 2.8.2 - SQL Injection vulnerability | EPSS 21.8%
CVE-2024-6457 | CRITICAL | HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection | EPSS 19.7%
CVE-2021-24867 | — | Backdoored Plugins & Themes from AccessPress Themes | EPSS 18.9%
CVE-2022-4395 | CRITICAL | Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload | EPSS 17.6%
CVE-2023-2833 | HIGH | ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation | EPSS 17.5%
CVE-2021-32789 | HIGH | Arbitrary SQL (SQL injection) possible via the Store API component. | EPSS 17.2%
CVE-2024-0881 | MEDIUM | Combo Blocks < 2.2.76 - Unauthenticated Password Protected Posts Access | EPSS 16.9%
CVE-2025-48148 | CRITICAL | WordPress StoreKeeper for WooCommerce Plugin <= 14.4.4 - Arbitrary File Upload Vulnerability | EPSS 14.9%
CVE-2022-45359 | CRITICAL | WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload | EPSS 13.5%
CVE-2021-24300 | — | PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS) | EPSS 10.6%
CVE-2021-24169 | — | Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) | EPSS 10.3%