CVE security advisories and vulnerability history for woocommerce by woocommerce.
Total CVEs (published): 18
In CISA KEV (exploited in the wild): 0
Public exploits (with known exploit): 3
Avg CVSS: 5.7
2017–2025
Last updated
Overview
woocommerce has 18 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 5.7.
This page aggregates every publicly disclosed vulnerability (CVE) affecting woocommerce, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of woocommerce's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical: 0
High: 2
Medium: 7
Low: 0
9 additional CVEs have no CVSS severity score.
In CISA’s Known Exploited Vulnerabilities catalog: 0
None of woocommerce's CVEs are currently listed in CISA's KEV catalog.
Public exploits: 3
3 of woocommerce's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every woocommerce version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about woocommerce vulnerabilities.
How many CVEs does woocommerce woocommerce have?
woocommerce woocommerce has 18 published CVE records since 2017.
How many woocommerce woocommerce CVEs are in CISA KEV?
None of woocommerce woocommerce's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for woocommerce woocommerce vulnerabilities?
Yes — 3 of woocommerce woocommerce's CVEs have a known public exploit.
Which versions of woocommerce woocommerce are affected?
343 distinct woocommerce woocommerce versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in woocommerce woocommerce CVEs?
woocommerce woocommerce's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-862 (Missing Authorization).
What is the average severity of woocommerce woocommerce CVEs?
The average CVSS base score across woocommerce woocommerce's scored CVEs is 5.7.