Unknown Woocommerce vulnerabilities
3 known vulnerabilities affecting unknown/woocommerce.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-1310MEDIUMCVSS 4.9fixed in 8.62024-04-15
CVE-2024-1310 [MEDIUM] CWE-284 CVE-2024-1310: The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor rol
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)
cvelistv5nvd
CVE-2022-0775MEDIUMCVSS 4.3fixed in 6.2.12024-01-16
CVE-2022-0775 [MEDIUM] CWE-863 CVE-2022-0775: The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
cvelistv5nvd
CVE-2022-2099MEDIUMCVSS 4.8fixed in 6.6.02022-07-17
CVE-2022-2099 [MEDIUM] CWE-116 CVE-2022-2099: The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles
cvelistv5nvd