WooCommerce

Plugin Vulnerabilities

2019-07-07 WooCommerce <= 3.6.4 - Cross-Site Request Forgery (CSRF) & File Type Check fixed in version 3.6.5
2019-02-20 WooCommerce <= 3.5.4 - Stored Cross-Site Scripting (XSS) fixed in version 3.5.5
2018-12-21 WooCommerce <= 3.5.0 - Authenticated Stored XSS fixed in version 3.5.1
2018-12-10 WooCommerce <= 3.4.5 - Authenticated Stored XSS fixed in version 3.4.6
2018-12-10 WooCommerce <= 3.4.5 - Authenticated Phar Deserialization fixed in version 3.4.6
2018-10-11 WooCommerce <= 3.4.5 - Authenticated Object Injection fixed in version 3.4.6
2018-10-11 WooCommerce <= 3.4.5 - Authenticated File Deletion to Privilege Escalation fixed in version 3.4.6
2018-08-29 WooCommerce <= 3.4.4 - Potential Object Injection fixed in version 3.4.5
2017-11-16 WooCommerce <= 3.2.3 - Authenticated PHP Object Injection fixed in version 3.2.4
2016-12-07 WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS fixed in version 2.6.9
2016-09-09 WooCommerce <= 2.6.3 - Stored Cross Site Scripting (XSS) via REST API fixed in version 2.6.4
2016-07-19 WooCommerce <= 2.6.2 - Authenticated Cross-Site Scripting (XSS) fixed in version 2.6.3
2015-11-17 WooCommerce <= 2.4.8 - Authenticated Cross-Site Scripting (XSS) fixed in version 2.4.9
2015-06-10 WooCommerce 2.0.20-2.3.10 - Object Injection / XXE fixed in version 2.3.11
2015-03-13 WooCommerce 2.3 - 2.3.5 - SQL Injection fixed in version 2.3.6
2015-02-22 WooCommerce <= 2.2.10 - Cross-Site Scripting (XSS) fixed in version 2.2.11
2014-09-21 WooCommerce <= 2.1.12 - Reflected Cross-Site Scripting (XSS) fixed in version 2.2.3
2014-09-17 WooCommerce <= 2.2.2 - Reflected Cross-Site Scripting (XSS) fixed in version 2.2.3
2014-08-01 WooCommerce 2.0.17 - hide-wc-extensions-message Parameter Reflected XSS fixed in version 2.0.17
2014-08-01 WooCommerce 2.0.12 - index.php calc_shipping_state Parameter XSS fixed in version 2.0.13