WooCommerce Exposure

Ecommerce, WordPress plugins
1.859
exposure score
591,334
sites use it
0
under active exploitation
159
critical
Vexday Analysis

WooCommerce has 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface. Of these, 158 are of critical severity and 137 appeared in the last 90 days, which indicates a high pace of recent discovery. The active-exploitation rate is below the overall average for the KEV catalog, with no confirmed entry at the moment, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,053 results
CVE-2026-7547 | MEDIUM | Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter | EPSS 0.4%
CVE-2026-3474 | MEDIUM | EmailKit <= 1.6.3 - Authenticated (Administrator+) Path Traversal via 'emailkit-editor-template' REST API Parameter | EPSS 0.4%
CVE-2024-9538 | MEDIUM | ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template | EPSS 0.4%
CVE-2025-47532 | CRITICAL | WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability | EPSS 0.4%
CVE-2023-32802 | HIGH | WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2023-3954 | MEDIUM | MultiParcels Shipping For WooCommerce 1.15.2-1.15.3 - Reflected XSS | EPSS 0.4%
CVE-2023-3671 | MEDIUM | MultiParcels Shipping For WooCommerce < 1.15.4 - Reflected XSS | EPSS 0.4%
CVE-2023-32575 | MEDIUM | WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.25 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2024-32691 | MEDIUM | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.2 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-38669 | HIGH | WordPress Predictive Search for WooCommerce plugin <= 6.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.4%
CVE-2024-38683 | HIGH | WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.4%
CVE-2025-31826 | MEDIUM | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-4821 | MEDIUM | Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.4%
CVE-2024-24800 | HIGH | WordPress Product Feed PRO for WooCommerce plugin <= 13.2.5 - Reflected Cross Site Scripting (XSS) vulnerability | EPSS 0.4%
CVE-2024-1639 | MEDIUM | License Manager for WooCommerce <= 3.0.6 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure | EPSS 0.4%
CVE-2023-29174 | MEDIUM | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2023-47660 | MEDIUM | WordPress Product Visibility by Country for WooCommerce Plugin <= 1.4.9 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2023-47657 | MEDIUM | WordPress Direct Checkout – Quick View – Buy Now For WooCommerce Plugin <= 1.5.8 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2023-47533 | MEDIUM | WordPress Countdown and CountUp, WooCommerce Sales Timer Plugin <= 1.8.2 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2024-13640 | MEDIUM | Print Invoice & Delivery Notes for WooCommerce <= 5.4.1 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory | EPSS 0.4%
