WooCommerce CVE MAY 2024
Be informed about the latest WooCommerce CVE MAY 2024 Threat Case Study, identified and reported publicly. It is a +100% INCREASE compared to previous month, as specifically targeted e-Commerce vulnerabilities. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WooCommerce services.
What is WooCommerce CVE MAY 2024?
TLDR: the details on how to hack a specific software is made public, forcing the vendor to provide a solution (patch or upgrade), that closes that specific WooCommerce vulnerability.
CVE is short for Common Vulnerabilities and Exposures. The Common Vulnerabilities and Exposures (CVE) system provides a reference method for publicly known information-security vulnerabilities and exposures. Read more on wikipedia.org: Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Common Weakness Enumeration.
If you are serious about your business running an online shop, then you need to pay attention because your WooCommerce is the most crucial factor where disaster hits your customers. In this post, we will share all the latest WooCommerce Vulnerabilities to help you prevent your eshop from revenue loss and angry shoppers backlash.
TAILORED WooCommerce CVE MAY 2024 Services for a hassle-free online business.
The following cases made headlines PUBLICLY just last month in the WooCommerce CVE MAY 2024 category:
Checkout Payment Gateway for WooCommerce | Missing Authorization (BAC) via sniff_ins |
Active Products Tables for WooCommerce | Broken Access Control (BAC) |
Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
Advanced Order Export For WooCommerce | Remote Code Execution (RCE) |
Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
Currency per Product for WooCommerce | Cross-Site Request Forgery (CSRF) |
Customer Reviews for WooCommerce | Missing Authorization (BAC) to Arbitrary Email Sending |
Customer Reviews for WooCommerce | Missing Authorization (BAC) to Coupon Search |
Customer Reviews for WooCommerce | Cross-Site Scripting (XSS) via ‘s’ |
Custom Order Statuses for WooCommerce | Broken Access Control (BAC) |
Custom Thank You Page Customize For WooCommerce by Binary Carpenter | Broken Access Control (BAC) |
EAN for WooCommerce | Cross-Site Scripting (XSS) via alg_wc_ean_product_meta Shortcode |
EAN for WooCommerce | Insecure Direct Object Reference (IDOR) to Private Information Exposure via Shortcode |
Easy Accept Payments | Broken Access Control (BAC) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Scripting (XSS) |
Email Customizer for WooCommerce | Private Data Exposure |
Email Marketing for WooCommerce by Omnisend | Cross-Site Request Forgery (CSRF) |
EPROLO Dropshipping | Broken Access Control (BAC) |
Event Manager for WooCommerce | Cross-Site Request Forgery (CSRF) |
Extra Product Options Builder for WooCommerce | Cross-Site Request Forgery (CSRF) |
Flexible Checkout Fields for WooCommerce | Broken Access Control (BAC) |
Flexible Shipping | Broken Access Control (BAC) |
GG Woo Feed for WooCommerce | Broken Access Control (BAC) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Local File Inclusion (LFi) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Remote Code Execution (RCE) |
Import Content in WordPress & WooCommerce with Excel | Cross-Site Scripting (XSS) |
Leaky Paywall | Price Manipulation |
Loan Repayment Calculator and Application Form | Cross-Site Request Forgery (CSRF) |
Multi Currency For WooCommerce | Broken Access Control (BAC) |
MultiParcels Shipping For WooCommerce | Cross-Site Request Forgery (CSRF) |
Open Close WooCommerce Store | Broken Access Control (BAC) |
Order Delivery Date for WooCommerce | Cross-Site Request Forgery (CSRF) |
Order Limit for WooCommerce | Broken Access Control (BAC) |
Payment Forms for Paystack | Cross-Site Scripting (XSS) |
Payment Gateway Based Fees and Discounts for WooCommerce | Broken Access Control (BAC) |
PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload (BAC)_file |
Premmerce Product Filter for WooCommerce | Broken Access Control (BAC) |
Print Invoice & Delivery Notes for WooCommerce | Broken Access Control (BAC) |
Product Designer | PHP Object Injection |
Product Feed on WooCommerce for Google | Auth SQL Injection (SQLi) (SQLi) |
Product Feed PRO for WooCommerce | Private Data Exposure |
Product Input Fields for WooCommerce | Cross-Site Request Forgery (CSRF) |
Products, Order & Customers Export for WooCommerce | Broken Access Control (BAC) |
Product Sort and Display for WooCommerce | Missing Authorization (BAC) |
Sendinblue for WooCommerce | Arbitrary File Download (BAC) and Deletion (BAC) |
Shopkeeper Extender | Cross-Site Scripting (XSS) |
ShopLentor | Improper Authorization via woolentor_template_store |
ShopLentor | Cross-Site Scripting (XSS) via WL Universal Product Layout |
ShopLentor | Cross-Site Scripting (XSS) via QR Code Widget |
Shopstar! Theme | Cross-Site Request Forgery (CSRF) |
Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | Missing Authorization (BAC) |
SuperFaktura WooCommerce | Server-Side Request Forgery (SSRF) |
TeraWallet – For WooCommerce | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Themify – WooCommerce Product Filter | Cross-Site Scripting (XSS) |
Tracking Code Manager | Broken Access Control (BAC) |
TrackShip for WooCommerce | Broken Access Control (BAC) |
USPS Shipping for WooCommerce – Live Rates | Cross-Site Request Forgery (CSRF) |
USPS Shipping for WooCommerce – Live Rates | Private Data Exposure via Log File |
Wallet System for WooCommerce | Cross-Site Request Forgery (CSRF) |
Welcart e Commerce | Broken Access Control (BAC) |
Welcart e Commerce | Cross-Site Request Forgery (CSRF) |
Wholesale For WooCommerce | Unauthenticated Arbitrary Post/Page |
WooBuddy | PHP Object Injection |
WooCommerce | Cross-Site Request Forgery (CSRF) |
WooCommerce | Private/Draft Products Access (BAC) |
WooCommerce Cart Abandonment Recovery | Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
WooCommerce Checkout Field Editor (Checkout Manager) | Cross-Site Request Forgery (CSRF) |
WooCommerce Customers Manager | SQL Injection (SQLi) |
WooCommerce Customers Manager | Private Email Disclosure |
WooCommerce Customers Manager | Cross-Site Scripting (XSS) |
WooCommerce Google Feed Manager | SQL Injection (SQLi) to Cross-Site Scripting (XSS) |
WooCommerce Multilingual & Multicurrency | SQL Injection (SQLi) |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Server Side Request Forgery |
WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
WooCommerce Shipping Label | Cross-Site Scripting (XSS) |
WooCommerce UPS Shipping – Live Rates and Access Points | Cross-Site Request Forgery (CSRF) |
WOOCS – WooCommerce Currency Switcher | Unauthenticated Arbitrary Shortcode Execution |
WP ADA Compliance Check Basic | Cross-Site Request Forgery (CSRF) |
WPC Frequently Bought Together for WooCommerce | Broken Access Control (BAC) |
WPC Grouped Product for WooCommerce | Broken Access Control (BAC) |
WPC Smart Quick View for WooCommerce | Cross-Site Scripting (XSS) |
WP Stripe Checkout | Cross-Site Scripting (XSS) |
XforWooCommerce | Local File Inclusion (LFi) |
XPlainer WooCommerce Product FAQ | Cross-Site Request Forgery (CSRF) |
XStore Core | Limited Arbitrary File Download (BAC) |
XStore Core | Limited Arbitrary File Upload (BAC) |
XStore Core | Local File Inclusion (LFi) |
XStore Core | Multiple Broken Access Control (BAC) |
XStore Core | Cross-Site Scripting (XSS) |
XStore Core | Unauthenticated PHP Object Injection |
XStore Core | Unauthenticated Privilege Escalation (BAC) |
XStore Core | Unauthenticated SQL Injection (SQLi) |
XStore Theme | Arbitrary Option Update (BAC) |
XStore Theme | Broken Access Control (BAC) |
XStore Theme | Cross-Site Scripting (XSS) |
XStore Theme | Unauthenticated Broken Access Control (BAC) |
XStore Theme | Unauthenticated Local File Inclusion (LFi) |
XStore Theme | Unauthenticated SQL Injection (SQLi) |
YITH WooCommerce Compare | Cross-Site Request Forgery (CSRF) |
Woo CVE & WooCommerce Common Vulnerabilities and Exposures reported in 2023: | 609 |
Woo CVE & WooCommerce Common Vulnerabilities and Exposures reported in 2024: | 243 |
Automate your WooCommerce CVE MAY 2024, then focus on running your store and maximizing sales.
Running an online store pays you dividends beyond just having a good night’s sleep, knowing your customers will find your shop working from early morning to late midnight. The competition online is stiff, and many shoppers are looking for ways to get the best deals.
Any eshop module crash hits shoppers and owners hard. Downtime always has a per hour cost! As soon as your automated selling degrades or crashes, you start losing money. This is the revenue you forfeit every hour you’re down.
Are you able to prevent this? Maybe you depend on a non-existent lifeline!