cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2024-1310

CVE, Research URL

CVE-2024-1310

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Apr 15, 2024
Research Description
The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)
Affected versions
Min -, max 8.9.3.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout Field Manager (CVE-2022-4328) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2021-24952) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2022-46797) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2025-30909) , Apr 02, 2025
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2023-51357) , Jun 10, 2024
New vulnerability
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025
Real Time Validation for Gravity Forms (CVE-2025-48330) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025