cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2024-35777

CVE, Research URL

CVE-2024-35777

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Jul 09, 2024
Research Description
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Automattic WooCommerce allows Content Spoofing.This issue affects WooCommerce: from n/a through 8.9.2.
Affected versions
Min -, max 8.4.0.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout Field Manager (CVE-2022-4328) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2021-24952) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2022-46797) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2025-30909) , Apr 02, 2025
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2023-51357) , Jun 10, 2024
New vulnerability
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025
Real Time Validation for Gravity Forms (CVE-2025-48330) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025