Exposición de WooCommerce

Ecommerce, WordPress plugins
1934
score de exposición
591.334
sitios usan
0
en explotación
162
críticos
Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2074 resultados
CVE-2025-14165MEDIUMKirim.Email WooCommerce Integration <= 1.2.9 - Cross-Site Request Forgery to Settings UpdateEPSS 0.1%CVE-2025-48264MEDIUMWordPress Product Code for WooCommerce plugin <= 1.5.0 - CSRF to Database Update vulnerabilityEPSS 0.1%CVE-2026-1673MEDIUMBEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term DeletionEPSS 0.1%CVE-2025-54030MEDIUMWordPress WooCommerce Google Sheet Connector plugin <= 1.3.20 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-54041MEDIUMWordPress Wallet System for WooCommerce plugin <= 2.6.7 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-62890MEDIUMWordPress Premmerce Brands for WooCommerce plugin <= 1.2.13 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-32545HIGHWordPress WooCommerce Products without featured images Plugin <= 0.1 - CSRF to Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.1%CVE-2025-47648HIGHWordPress Pays – WooCommerce Payment Gateway plugin <= 2.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2026-3589HIGHWooCommerce < 10.5.3 - Arbitrary Admin User Creation via CSRFEPSS 0.1%CVE-2025-48342MEDIUMWordPress Dynamic Pricing & Discounts Lite for WooCommerce plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-48284MEDIUMWordPress Japanized For WooCommerce plugin <= 2.6.40 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-13924MEDIUMAdvanced Product Fields (Product Addons) for WooCommerce <= 1.6.17 - Cross-Site Request Forgery to Product Field Group Duplication and PublicationEPSS 0.1%CVE-2026-1455MEDIUMWhatsiplus Scheduled Notification for Woocommerce <= 1.0.1 - Cross-Site Request Forgery to 'wsnfw_save_users_settings' AJAX ActionEPSS 0.1%CVE-2026-8904MEDIUMFastPicker, an order picker and order management system (oms) for WooCommerce on steroids <= 1.0.2 - Cross-Site Request Forgery via Settings SaveEPSS 0.1%CVE-2025-62005HIGHWordPress SUMO Memberships for WooCommerce plugin < 7.8.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2026-57635MEDIUMWordPress FunnelKit Payment Gateway for Stripe WooCommerce plugin <= 1.14.0.3 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-53569MEDIUMWordPress Trust Payments Gateway for WooCommerce (JavaScript Library) plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) VulnerabilityEPSS 0.1%CVE-2025-53271HIGHWordPress Additional Order Filters for WooCommerce plugin <= 1.22 - Cross Site Request Forgery (CSRF) to Stored XSS VulnerabilityEPSS 0.1%CVE-2025-62957HIGHWordPress NikanWP WooCommerce Reporting plugin <= 1.0.0 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%CVE-2025-64290MEDIUMWordPress Premmerce Product Search for WooCommerce plugin <= 2.2.4 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.1%