Feed live

WooCommerce vulnerabilities - every known CVE affecting stores and checkout

As the extension layer behind the majority of WordPress-powered stores, WooCommerce vulnerabilities carry extra weight when they touch checkout, payment, or customer data flows.

Total CVEs tracked
339,646
All time
Critical · Active
10,844
CVSS ≥ 9.0
New · 14 days
2,634
Newly disclosed
Feed last synced
1 hr ago
Data freshness

woocommerce security

Every published CVE affecting woocommerce

This list contains every CVE that names woocommerce as an affected product. Records come from the official CVE feeds maintained by MITRE and NIST. Each record includes a CVSS severity score, the affected version range, and a link to the full NVD entry. New records usually appear here within minutes of publication.

Third-party plugins, extensions, and add-ons built on top of woocommerce are included alongside the core product. In most CMS ecosystems, the majority of CVEs come from the extension layer rather than the core application itself. Searching by component name is just as important as searching by platform name.

Understanding CVSS scores

Severity ratings explained

Every CVE has a CVSS 3.x score from 0 to 10. The score is based on how the vulnerability can be reached (over the network or locally), how complex the exploit is, what access an attacker needs beforehand, whether a victim has to do something first, and the impact on confidentiality, integrity, and availability if the attack succeeds.

Critical 9.0–10.0 Remote, no auth, max impact
High 7.0–8.9 Serious, remotely exploitable
Medium 4.0–6.9 Often requires auth or conditions
Low 0.1–3.9 Limited exploitability or impact

Search by component name, vendor, or keyword to filter this list. Click any CVE ID to see the full record. If your installed version falls within the affected range, update immediately or check the vendor's security advisory.

Showing 1–30 CVEs
Sorted by Published · Newest first
CVE ID Severity CVSS Title Published
CVE-2026-12393 Jul 17, 2026 today
CVE-2026-11324 medium 6.1/10 Jul 17, 2026 today
CVE-2026-12492 Jul 16, 2026 yesterday
CVE-2026-12753 high 7.5/10 Jul 16, 2026 yesterday
CVE-2026-61958 medium 5.4/10 Jul 13, 2026 4d ago
CVE-2026-61952 medium 4.9/10 Jul 13, 2026 4d ago
CVE-2026-57810 high 8.5/10 Jul 13, 2026 4d ago
CVE-2026-57773 high 7.6/10 Jul 13, 2026 4d ago
CVE-2026-57709 high 8.6/10 Jul 13, 2026 4d ago
CVE-2026-57698 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57424 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57422 high 7.1/10 Jul 13, 2026 4d ago
CVE-2026-57419 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57409 high 7.1/10 Jul 13, 2026 4d ago
CVE-2026-57402 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57400 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57396 high 7.1/10 Jul 13, 2026 4d ago
CVE-2026-57393 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-57390 medium 6.5/10 Jul 13, 2026 4d ago
CVE-2026-6939 high 7.2/10 Jul 11, 2026 6d ago
CVE-2026-10041 medium 4.3/10 Jul 11, 2026 6d ago
CVE-2026-10628 medium 4.3/10 Jul 11, 2026 6d ago
CVE-2026-9235 medium 4.3/10 Jul 9, 2026 8d ago
CVE-2026-9027 medium 5.3/10 Jul 9, 2026 8d ago
CVE-2026-9240 medium 4.3/10 Jul 9, 2026 8d ago
CVE-2026-11359 medium 4.3/10 Jul 9, 2026 8d ago
CVE-2026-13011 medium 6.5/10 Jul 9, 2026 8d ago
CVE-2026-13771 medium 6.4/10 Jul 9, 2026 8d ago
CVE-2026-3688 high 8.1/10 Jul 8, 2026 9d ago
CVE-2026-14500 medium 5.3/10 Jul 8, 2026 9d ago
Page 1
Prev 1 2