CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Woocommerce: >> Woocommerce >> 7.2.0 Security Vulnerabilities

CVE-2024-9944

The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.

CVSS Score

5.3

EPSS Score

0.001

Published

2024-10-15

CVE-2023-52222

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.

CVSS Score

4.3

EPSS Score

0.002

Published

2024-01-08

Page 1

Vulnerabilities

Vulnerable Software

Woocommerce: >> Woocommerce >> 7.2.0 Security Vulnerabilities

Products

Pricing

Contact Us