WooCommerce Exposure

Ecommerce, WordPress plugins
1882 exposure score
591,334 sites use it
0 under exploitation
160 critical

Vexday analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its broad adoption and attack surface; 158 of these are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The rate of active exploitation is below the overall average of the KEV catalog, with no confirmed entry at present, although this does not eliminate operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2060 results
CVE | Severity | Title | EPSS
CVE-2025-66071 | MEDIUM | WordPress Custom Order Numbers for WooCommerce plugin <= 1.11.0 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2025-62151 | MEDIUM | WordPress Virtuaria PagBank / PagSeguro para Woocommerce plugin <= 3.6.3 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2026-0692 | HIGH | BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation | EPSS 0.3%
CVE-2024-49651 | HIGH | WordPress WooCommerce Maintenance Mode plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-6717 | MEDIUM | B1.lt for WooCommerce <= 2.2.56 - Authenticated (Subscriber+) SQL Injection | EPSS 0.3%
CVE-2024-12337 | MEDIUM | Shipping via Planzer for WooCommerce <= 1.0.25 - Reflected Cross-Site Scripting via processed-ids | EPSS 0.3%
CVE-2025-5720 | MEDIUM | Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter | EPSS 0.3%
CVE-2023-48773 | MEDIUM | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) | EPSS 0.3%
CVE-2023-4935 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Profile Creation | EPSS 0.3%
CVE-2023-4937 | MEDIUM | BEAR <= 1.1.3.3 - Cross-Site Request Forgery to Product Manipulation | EPSS 0.3%
CVE-2024-37544 | MEDIUM | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability | EPSS 0.3%
CVE-2024-10711 | HIGH | WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update | EPSS 0.3%
CVE-2025-69385 | MEDIUM | WordPress Cartify - WooCommerce Gutenberg WordPress Theme theme <= 1.3 - Arbitrary Content Deletion vulnerability | EPSS 0.3%
CVE-2024-35698 | MEDIUM | WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-3815 | MEDIUM | Newspaper <= 12.6.5 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Meta | EPSS 0.3%
CVE-2026-28114 | CRITICAL | WordPress WooCommerce License Manager plugin <= 7.0.6 - Arbitrary File Upload vulnerability | EPSS 0.3%
CVE-2026-3456 | HIGH | GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.2.0 - Unauthenticated SQL Injection via 'attributekey' | EPSS 0.3%
CVE-2025-32586 | HIGH | WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2025-23450 | HIGH | WordPress AW WooCommerce Kode Pembayaran plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.3%
CVE-2024-11814 | MEDIUM | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting | EPSS 0.3%