Woocommerce: >> Woocommerce >> 1.2.2 Security Vulnerabilities
The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.
CVSS Score
8.1
EPSS Score
0.014
Published
2019-01-15
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-02-08
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
CVSS Score
4.8
EPSS Score
0.001
Published
2017-01-04
Page 2