GCVE - cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:automattic:woocommerce:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Automattic (`1dc39c9b-4ddb-5af6-acf4-410b436129a9`)
Product	Woocommerce (`9da57e16-55d4-502c-b24f-e40a2029679a`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1310`	vulnerable	2026-06-08 06:25:39.789197	WooCommerce < 8.6 - Contributor+ Private/Draft Products Access The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products) Published: 2024-04-15T05:00:03.811Z Updated: 2024-10-31T15:14:55.332Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10486`	vulnerable	2026-06-08 06:23:46.735028	Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File MEDIUM (5.3) The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. Published: 2024-11-18T21:31:09.032Z Updated: 2026-04-08T16:57:37.812Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-47777`	vulnerable	2026-06-08 06:14:25.566006	WordPress WooCommerce and WooCommerce Blocks plugins - Auth. Cross-Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WooCommerce, Automattic WooCommerce Blocks allows Stored XSS.This issue affects WooCommerce: from n/a through 8.1.1; WooCommerce Blocks: from n/a through 11.1.1. Published: 2023-11-30T11:56:53.604Z Updated: 2026-04-28T16:08:51.789Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-1-1-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/woo-gutenberg-products-block/wordpress-woocommerce-blocks-plugin-11-1-1-cross-site-scripting-xss-vulnerability?_s_id=cve https://patchstack.com/articles/authenticated-stored-xss-in-woocommerce-and-jetpack-plugin?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-17058`	vulnerable	2026-06-08 05:09:07.789612	Details available The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code Published: 2017-11-29T07:00:00.000Z Updated: 2024-08-05T20:43:59.424Z Open on db.gcve.eu Reference links https://www.exploit-db.com/ghdb/4613/ https://github.com/woocommerce/woocommerce/issues/17964 https://www.exploit-db.com/exploits/43196/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.