WooCommerce vulnerabilities - every known CVE affecting stores and checkout
As the extension layer behind the majority of WordPress-powered stores, WooCommerce vulnerabilities carry extra weight when they touch checkout, payment, or customer data flows.
woocommerce security
Every published CVE affecting woocommerce
This list contains every CVE that names woocommerce as an affected product. Records come from the official CVE feeds maintained by MITRE and NIST. Each record includes a CVSS severity score, the affected version range, and a link to the full NVD entry. New records usually appear here within minutes of publication.
Third-party plugins, extensions, and add-ons built on top of woocommerce are included alongside the core product. In most CMS ecosystems, the majority of CVEs come from the extension layer rather than the core application itself. Searching by component name is just as important as searching by platform name.
Understanding CVSS scores
Severity ratings explained
Every CVE has a CVSS 3.x score from 0 to 10. The score is based on how the vulnerability can be reached (over the network or locally), how complex the exploit is, what access an attacker needs beforehand, whether a victim has to do something first, and the impact on confidentiality, integrity, and availability if the attack succeeds.
Search by component name, vendor, or keyword to filter this list. Click any CVE ID to see the full record. If your installed version falls within the affected range, update immediately or check the vendor's security advisory.
| CVE ID | Severity | CVSS | Title | Published |
|---|---|---|---|---|
| CVE-2026-12393 | — | — | Jul 17, 2026 today | |
| CVE-2026-11324 | medium | 6.1/10 | Jul 17, 2026 today | |
| CVE-2026-12492 | — | — | Jul 16, 2026 yesterday | |
| CVE-2026-12753 | high | 7.5/10 | Jul 16, 2026 yesterday | |
| CVE-2026-61958 | medium | 5.4/10 | Jul 13, 2026 4d ago | |
| CVE-2026-61952 | medium | 4.9/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57810 | high | 8.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57773 | high | 7.6/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57709 | high | 8.6/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57698 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57424 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57422 | high | 7.1/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57419 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57409 | high | 7.1/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57402 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57400 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57396 | high | 7.1/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57393 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-57390 | medium | 6.5/10 | Jul 13, 2026 4d ago | |
| CVE-2026-6939 | high | 7.2/10 | Jul 11, 2026 6d ago | |
| CVE-2026-10041 | medium | 4.3/10 | Jul 11, 2026 6d ago | |
| CVE-2026-10628 | medium | 4.3/10 | Jul 11, 2026 6d ago | |
| CVE-2026-9235 | medium | 4.3/10 | Jul 9, 2026 8d ago | |
| CVE-2026-9027 | medium | 5.3/10 | Jul 9, 2026 8d ago | |
| CVE-2026-9240 | medium | 4.3/10 | Jul 9, 2026 8d ago | |
| CVE-2026-11359 | medium | 4.3/10 | Jul 9, 2026 8d ago | |
| CVE-2026-13011 | medium | 6.5/10 | Jul 9, 2026 8d ago | |
| CVE-2026-13771 | medium | 6.4/10 | Jul 9, 2026 8d ago | |
| CVE-2026-3688 | high | 8.1/10 | Jul 8, 2026 9d ago | |
| CVE-2026-14500 | medium | 5.3/10 | Jul 8, 2026 9d ago |