Security Advisories - woocommerce/woocommerce - Packagist

woocommerce/woocommerce Security Advisories (5)

[MEDIUM] WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms

PKSA-dn5h-6fwy-vrcq CVE-2024-37297 GHSA-cv23-q6gh-xfrf

Affected version: >=8.9.0,<8.9.3|>=8.8.0,<8.8.5

Reported by:
GitHub
[MEDIUM] WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection

PKSA-sgm3-pd55-zhds CVE-2022-2099 GHSA-jwvf-28fg-g4xg

Affected version: <6.6.0

Reported by:
GitHub
[MEDIUM] Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled

PKSA-5c3v-z6jw-1fgc CVE-2021-24323 GHSA-mp46-7x6q-f28m

Affected version: <5.2.0

Reported by:
GitHub
[MEDIUM] WooCommerce Incorrect Authorization

PKSA-m2w3-cj2r-6yn5 CVE-2020-29156 GHSA-wwh8-v3j3-gxfw

Affected version: <4.7.0

Reported by:
GitHub
[HIGH] WooCommerce Cross-Site Request Forgery (CSRF)

PKSA-drmm-wx7b-585f CVE-2019-20891 GHSA-rcmf-88p4-9wrg

Affected version: <3.6.5

Reported by:
GitHub