woocommerce/woocommerce Security Advisories (5)
-
[MEDIUM] WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
PKSA-dn5h-6fwy-vrcq CVE-2024-37297 GHSA-cv23-q6gh-xfrf
Affected version: >=8.9.0,<8.9.3|>=8.8.0,<8.8.5
Reported by:
GitHub -
[MEDIUM] WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
PKSA-sgm3-pd55-zhds CVE-2022-2099 GHSA-jwvf-28fg-g4xg
Affected version: <6.6.0
Reported by:
GitHub -
[MEDIUM] Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
PKSA-5c3v-z6jw-1fgc CVE-2021-24323 GHSA-mp46-7x6q-f28m
Affected version: <5.2.0
Reported by:
GitHub -
[MEDIUM] WooCommerce Incorrect Authorization
PKSA-m2w3-cj2r-6yn5 CVE-2020-29156 GHSA-wwh8-v3j3-gxfw
Affected version: <4.7.0
Reported by:
GitHub -
[HIGH] WooCommerce Cross-Site Request Forgery (CSRF)
PKSA-drmm-wx7b-585f CVE-2019-20891 GHSA-rcmf-88p4-9wrg
Affected version: <3.6.5
Reported by:
GitHub