GCVE - cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:woocommerce:woocommerce_pre-orders:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Woocommerce (`c7b0e075-8e70-51f0-86a8-e45639512f20`)
Product	Woocommerce Pre Orders (`68f5bf82-a555-50c6-a73c-03a80488f0b7`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-3508`	vulnerable	2026-06-03 14:52:41.028080	WooCommerce Pre-Orders < 2.0.3 - Unauthorised Actions via CSRF The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks Published: 2023-07-31T09:37:37.921Z Updated: 2025-04-23T16:19:41.696Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/064c7acb-db57-4537-8a6d-32f7ea31c738	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-3507`	vulnerable	2026-06-03 14:52:41.027668	WooCommerce Pre-Orders < 2.0.3 - Arbitrary Pre-Order Canceling via CSRF The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack Published: 2023-07-31T09:37:37.183Z Updated: 2025-04-23T16:19:48.556Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/e72bbe9b-e51d-40ab-820d-404e0cb86ee6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-32802`	vulnerable	2026-06-03 14:52:00.012626	WordPress WooCommerce Pre-Orders Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) HIGH (7.1) Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions. Published: 2023-08-30T11:29:34.356Z Updated: 2026-04-28T16:08:24.410Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-1-9-0-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-32793`	vulnerable	2026-06-03 14:51:59.991516	WordPress WooCommerce Pre-Orders Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) MEDIUM (6.5) Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions. Published: 2023-08-30T11:34:54.709Z Updated: 2026-04-28T16:08:24.174Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/woocommerce-pre-orders/wordpress-woocommerce-pre-orders-plugin-2-0-0-contributor-stored-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Woocommerce Pre Orders

PURL mappings

Vulnerability references

Contribute