WooCommerce
Automattic
Developer
10.3.5
Latest version
7,000,000
Installations
6 days ago
Last updated
Vulnerability history
0 present
43 fixed
6 Mitigation rules
- Sensitive Information Exposure vulnerability<= 7.8.2Oct 29, 2025
- Cross Site Scripting (XSS) vulnerability<= 10.0.2Oct 29, 2025
- PostMessage-Based Cross-Site Scripting<= 9.3.2May 22, 2025
- Cross Site Scripting (XSS) vulnerability<= 9.7.0Mar 12, 2025
- Unauthenticated Order Creation vulnerability< 9.4.3Dec 4, 2024
- Unauthenticated HTML Injection vulnerability<= 9.0.2Oct 15, 2024
- Cross Site Scripting (XSS) vulnerability<= 9.1.2Aug 16, 2024
- Content Injection vulnerability<= 8.9.2Jun 27, 2024
- Reflected Cross Site Scripting (XSS) vulnerability<= 8.9.2Jun 11, 2024
- Contributor+ Private/Draft Products Access vulnerability< 8.6Apr 15, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 8.5.2Apr 5, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 8.2.2Jan 5, 2024
- Reflected Cross-Site Scripting vulnerability<= 8.3.0Dec 12, 2023
- Contributor+ Cross Site Scripting (XSS) vulnerability<= 8.1.1Nov 15, 2023
- Authenticated Stored HTML Injection vulnerability<= 6.5.1Jun 20, 2022
- Orders Status Change (via PayPal Standard Gateway) vulnerability<= 6.3.0Mar 10, 2022
- Path Traversal via Importers vulnerability<= 6.2.0Feb 23, 2022
- Arbitrary Comment Deletion vulnerability<= 6.2.0Feb 23, 2022
- Analytics Report Leaks vulnerability<= 5.6.0Sep 22, 2021
- Unauthenticated SQL Injection (SQLi) vulnerability<= 5.5.0Jul 15, 2021
- Authenticated Persistent Cross-Site Scripting (XSS) vulnerability<= 5.1.0Apr 29, 2021
- Sensitive Information Disclosure vulnerability<= 4.6.2Nov 10, 2020
- Guest Account Creation vulnerability<= 4.6.1Nov 6, 2020
- Cross-Site Request Forgery (CSRF) vulnerability<= 3.6.4Jul 7, 2019
- Stored Cross-Site Scripting (XSS) vulnerability<= 3.5.4Feb 26, 2019
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 3.5.0Jan 7, 2019
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 3.4.5Dec 11, 2018
- Authenticated File Deletion to Privilege Escalation vulnerability<= 3.4.5Nov 7, 2018
- Authenticated Object Injection vulnerability<= 3.4.5Oct 29, 2018
- Potential Object Injection vulnerability<= 3.4.4Sep 1, 2018
- Authenticated PHP Object Injection vulnerability<= 3.2.3Feb 23, 2018
- Cross Site Scripting<= 2.6.8Jan 3, 2017
- Cross Site Scripting<= 2.6.3Sep 9, 2016
- Cross Site Scripting<= 2.6.2Jul 20, 2016
- Cross Site Scripting<= 2.4.8Nov 17, 2015
- Absolute Path Traversal<= 1.3Jun 24, 2015
- XXE<= 2.3.10Jun 17, 2015
- Reflected XSS<= 2.1.12Jun 10, 2015
- Reflected Cross Site Scripting<= 2.0.17May 15, 2015
- Cross Site Scripting<= 2.0.12May 15, 2015
- SQL Injection<= 2.3.5May 15, 2015
- XSS<= 2.2.10Feb 24, 2015
- Cross-Site Scripting (XSS) vulnerability<= 2.2.2Sep 11, 2014