WooCommerce Exposure

Ecommerce, WordPress plugins
Exposure score: 1.859
Sites using it: 591,334
Under exploitation: 0
Critical: 159
Vexday Analysis

WooCommerce has accumulated 2,037 catalogued CVEs, a substantial volume that reflects its wide adoption and attack surface; 158 of them are of critical severity and 137 appeared in the last 90 days, indicating a high rate of recent discovery. The active exploitation rate is below the overall average for the KEV catalogue, with no confirmed entry at present, although this does not eliminate the operational risk given the high volume of accumulated critical flaws. The most frequent flaw type is CWE-79 (Cross-Site Scripting), a pattern that demands continuous attention in environments with multiple integrated plugins and themes. CVE-2023-28121 deserves immediate priority: its EPSS score of 0.87 indicates a very high probability of active exploitation in the next 30 days, making it the main risk vector to address in any remediation plan.

CVEs

2,053 results
CVE-2023-51499 | MEDIUM | WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-5769 | MEDIUM | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Limited Settings Update | EPSS 0.4%
CVE-2025-1911 | LOW | Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Deletion via admin_log_page Function | EPSS 0.4%
CVE-2025-47588 | CRITICAL | WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.9 - Arbitrary Code Execution vulnerability | EPSS 0.4%
CVE-2023-49827 | HIGH | WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2025-68013 | MEDIUM | WordPress Payment Gateway Authorize.Net CIM for WooCommerce plugin <= 2.1.2 - Arbitrary Content Deletion vulnerability | EPSS 0.4%
CVE-2022-47589 | MEDIUM | WordPress CTT Expresso para WooCommerce Plugin <= 3.2.11 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2022-47173 | MEDIUM | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.62.0 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
CVE-2024-0201 | MEDIUM | Product Expiry for WooCommerce <= 2.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update | EPSS 0.4%
CVE-2022-43463 | MEDIUM | WordPress Custom Product Tabs for WooCommerce plugin <= 1.7.9 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | EPSS 0.4%
CVE-2025-47544 | HIGH | WordPress Dynamic Pricing With Discount Rules for WooCommerce plugin <= 4.5.8 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2025-47538 | HIGH | WordPress Cart tracking for WooCommerce plugin <= 1.0.17 - SQL Injection Vulnerability | EPSS 0.4%
CVE-2026-3985 | HIGH | Creative Mail – Easier WordPress & WooCommerce Email Marketing <= 1.6.9 - Unauthenticated SQL Injection via 'checkout_uuid' Parameter | EPSS 0.4%
CVE-2024-4632 | MEDIUM | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | EPSS 0.4%
CVE-2024-9156 | MEDIUM | TI WooCommerce Wishlist <= 2.8.2 - Unauthenticated SQL Injection via lang parameters | EPSS 0.4%
CVE-2025-31802 | MEDIUM | WordPress Shiptimize for WooCommerce plugin <= 3.1.86 - Settings Change vulnerability | EPSS 0.4%
CVE-2025-31757 | MEDIUM | WordPress Free Woocommerce Product Table View plugin <= 1.78 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2024-10535 | MEDIUM | Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion | EPSS 0.4%
CVE-2025-14070 | HIGH | Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation | EPSS 0.4%
CVE-2023-47755 | MEDIUM | WordPress WooCommerce Product Carousel Slider Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS) | EPSS 0.4%
