Vulnerabilities (CVE)

Filtered by vendor Woocommerce
Total 47 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-18834 1 Woocommerce 1 Subscriptions 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.
CVE-2016-10987 1 Woocommerce 1 Persian Woocommerce Sms 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS.
CVE-2019-14978 1 Woocommerce 1 Payu India Payment Gateway 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price.
CVE-2018-20714 1 Woocommerce 1 Woocommerce 2024-02-04 5.5 MEDIUM 8.1 HIGH
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.
CVE-2019-9168 1 Woocommerce 1 Woocommerce 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
CVE-2015-2329 1 Woocommerce 1 Woocommerce 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
CVE-2016-10112 1 Woocommerce 1 Woocommerce 2024-02-04 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.