Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-01-31
CVE-2024-1668 - Woocommerce Theme
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).
THEME
Woocommerce
CVE-2024-1668
Risk Score
Threat Entry
Updated 2025-04-03
CVE-2024-1489 - Woocommerce Plugin
The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Woocommerce
CVE-2024-1489
Risk Score
Threat Entry
Updated 2025-02-05
CVE-2024-1468 - Woocommerce Theme
The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
THEME
Woocommerce
CVE-2024-1468
Risk Score
Threat Entry
Updated 2025-03-04
CVE-2024-0702 - WooCommerce Plugin
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.
PLUGIN
WooCommerce
CVE-2024-0702
Risk Score
Threat Entry
Updated 2025-03-04
CVE-2024-1954 - WooCommerce Plugin
The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
WooCommerce
CVE-2024-1954
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-24837 - WooCommerce Plugin
Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.
PLUGIN
WooCommerce
CVE-2024-24837
Risk Score
Threat Entry
Updated 2024-12-17
CVE-2024-24881 - WooCommerce Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.
PLUGIN
WooCommerce
CVE-2024-24881
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-51408 - WooCommerce Plugin
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3.
PLUGIN
WooCommerce
CVE-2023-51408
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-50893 - WooCommerce Plugin
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza – WordPress Website and WooCommerce Builder allows Reflected XSS.This issue affects Impreza – WordPress Website and WooCommerce Builder: from n/a through 8.17.4.
PLUGIN
WooCommerce
CVE-2023-50893
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-50856 - WooCommerce Plugin
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits.This issue affects Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels & Maximize Profits: from n/a through 2.14.3.
PLUGIN
WooCommerce
CVE-2023-50856
Risk Score
Threat Entry
Updated 2024-12-17
CVE-2023-27447 - WooCommerce Plugin
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.0.4.
PLUGIN
WooCommerce
CVE-2023-27447
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-49826 - Woocommerce Theme
Deserialization of Untrusted Data vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.
THEME
Woocommerce
CVE-2023-49826
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-49825 - Woocommerce Theme
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.This issue affects Soledad – Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme: from n/a through 8.4.1.
THEME
Woocommerce
CVE-2023-49825
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2099 - Woocommerce Plugin
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
PLUGIN
Woocommerce
CVE-2022-2099
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2021-32790 - Woocommerce Plugin
Woocommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors (already) having admin access, or API keys to the WooCommerce site can exploit vulnerable endpoints of `/wp-json/wc/v3/webhooks`, `/wp-json/wc/v2/webhooks` and other webhook listing API. Read-only SQL queries can be executed using this exploit, while data will not be returned, by carefully crafting `search` parameter information can be disclosed using timing and related attacks. Version 3.3.6 is the earliest version of Woocommerce with a…
PLUGIN
Woocommerce
CVE-2021-32790
Risk Score