Exposición de WooCommerce

Ecommerce, WordPress plugins
1934
score de exposición
591.334
sitios usan
0
en explotación
162
críticos
Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2074 resultados
CVE-2025-49510MEDIUMWordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-12881MEDIUMReturn Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message ReadEPSS 0.1%CVE-2025-57914MEDIUMWordPress Deliver via Shipos for WooCommerce plugin <= 3.0.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-2385MEDIUMThe Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.4.7 - Unauthenticated Email RelayEPSS 0.1%CVE-2026-0939MEDIUMRede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.2 - Unauthenticated Order Status ManipulationEPSS 0.1%CVE-2025-32263MEDIUMWordPress Sequential Order Numbers for WooCommerce plugin <= 3.6.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-30631HIGHReflected Cross Site Scripting (XSS) vulnerability in AA-Team WordPress pluginsEPSS 0.1%CVE-2026-4259HIGHUltimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctionsEPSS 0.1%CVE-2025-46243MEDIUMWordPress Recover abandoned cart for WooCommerce plugin <= 2.2 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-39472MEDIUMWordPress WooCommerce Social Login plugin < 2.8.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-27342MEDIUMWordPress WooCommerce Recargo de Equivalencia Plugin <= 1.6.24 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-57977HIGHWordPress Flexible PDF Invoices for WooCommerce & WordPress Plugin <= 6.0.13 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2022-44630MEDIUMWordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)EPSS 0.1%CVE-2025-12191MEDIUMPDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site ScriptingEPSS 0.1%CVE-2026-39437HIGHWordPress Min Max Step Quantity Limits Manager for WooCommerce plugin <= 5.2.2 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-48111MEDIUMWordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-47451MEDIUMWordPress Product Quantity Dropdown For Woocommerce plugin <= 1.2 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%CVE-2025-28984MEDIUMWordPress Subscription Renewal Reminders for WooCommerce plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-53203MEDIUMWordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-39453MEDIUMWordPress Advanced Dynamic Pricing for WooCommerce plugin <= 4.9.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerabilityEPSS 0.1%