Shodan
Vulnerabilities
Vulnerable Software
Woocommerce:  Security Vulnerabilities
CVE-2023-3507
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-31
CVE-2023-3508
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-31
CVE-2023-36511
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-36513
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-17
CVE-2023-36514
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-07-17
CVE-2023-35880
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-17
CVE-2023-35917
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-22
CVE-2023-35918
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-22
CVE-2023-34000
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin <= 7.4.0 versions.
CVSS Score
7.5
EPSS Score
0.005
Published
2023-06-14
CVE-2015-10115
A vulnerability, which was classified as problematic, was found in WooSidebars Sidebar Manager Converter Plugin up to 1.1.1 on WordPress. This affects the function process_request of the file classes/class-woosidebars-sbm-converter.php. The manipulation leads to open redirect. It is possible to initiate the attack remotely. Upgrading to version 1.1.2 is able to address this issue. The patch is named a0efb4ffb9dfe2925b889c1aa5ea40b4abbbda8a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230655.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-06-05


Products
Pricing
Contact Us

Shodan ® - All rights reserved