Exposición de WooCommerce

Ecommerce, WordPress plugins
1807
score de exposición
591.334
sitios usan
0
en explotación
158
críticos
Análisis Vexday

O WooCommerce acumula 2.037 CVEs catalogadas, volume expressivo que reflete sua ampla adoção e superfície de ataque — das quais 158 são de severidade crítica e 137 surgiram nos últimos 90 dias, indicando ritmo elevado de descoberta recente. A taxa de exploração ativa está abaixo da média geral do catálogo KEV, com nenhuma entrada confirmada no momento, embora isso não elimine o risco operacional dado o alto volume de falhas críticas acumuladas. O tipo de falha mais frequente é CWE-79 (Cross-Site Scripting), padrão que exige atenção contínua em ambientes com múltiplos plugins e temas integrados. O CVE-2023-28121 merece prioridade imediata: seu score EPSS de 0,87 indica probabilidade muito elevada de exploração ativa nos próximos 30 dias, tornando-o o principal vetor de risco a ser tratado em qualquer plano de remediação.

CVEs

2037 resultados
CVE-2023-4945MEDIUMBooster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via ShortcodeEPSS 0.5%CVE-2023-40555HIGHWordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object InjectionEPSS 0.5%CVE-2024-0617MEDIUMCategory Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()EPSS 0.5%CVE-2025-28947HIGHWordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion VulnerabilityEPSS 0.5%CVE-2023-25998HIGHWordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion VulnerabilityEPSS 0.5%CVE-2024-44048MEDIUMWordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerabilityEPSS 0.5%CVE-2023-27608MEDIUMWordPress Points and Rewards for WooCommerce plugin <= 1.5.0 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2025-48129CRITICALWordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Privilege Escalation VulnerabilityEPSS 0.5%CVE-2025-31553CRITICALWordPress Advanced WooCommerce Product Sales Reporting plugin <= 4.1.1 - SQL Injection vulnerabilityEPSS 0.5%CVE-2024-6479MEDIUMSIP Reviews Shortcode for WooCommerce <= 1.2.3 - Authenticated (Contributor+) SQL InjectionEPSS 0.5%CVE-2023-30479MEDIUMWordPress Stamped.io Product Reviews & UGC for WooCommerce plugin <= 2.3.2 - Broken Access Control vulnerabilityEPSS 0.5%CVE-2024-43131HIGHWordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerabilityEPSS 0.5%CVE-2024-7747MEDIUMWallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric TypesEPSS 0.5%CVE-2024-2210MEDIUMThe Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member ListingEPSS 0.5%CVE-2022-4329MEDIUMProduct list Widget for Woocommerce <= 1.0 - Reflected XSSEPSS 0.5%CVE-2024-37297MEDIUMWooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration formsEPSS 0.5%CVE-2023-4943MEDIUMBEAR <= 1.1.3.3 - Missing Authorization to Product ManipulationEPSS 0.5%CVE-2022-3923MEDIUMActiveCampaign for WooCommerce < 1.9.8 - Subscriber+ Error Log CleanupEPSS 0.5%CVE-2023-2743MEDIUMWP ERP < 1.12.4 - Reflected Cross-Site ScriptingEPSS 0.5%CVE-2026-2019HIGHCart All In One For WooCommerce <= 1.1.21 - Authenticated (Administrator+) Code Injection via 'sc_assign_page' SettingEPSS 0.5%

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →