cleantalk
Vulnerabilities and Security Researches

WooCommerce, CVE-2024-39666

CVE, Research URL

CVE-2024-39666

Home page URL

Security reports for WooCommerce

Application

WooCommerce

Published on
Aug 18, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 9.1.2.
Affected versions
Min -, max 9.1.3.
Status
vulnerable
Previous vulnerability researches
WooCommerce Checkout Field Manager (CVE-2022-4328) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2021-24952) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2022-46797) , Jun 10, 2024
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2025-30909) , Apr 02, 2025
Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce (CVE-2023-51357) , Jun 10, 2024
New vulnerability
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025
Real Time Validation for Gravity Forms (CVE-2025-48330) , Jun 02, 2025
EU/UK VAT Manager for WooCommerce (CVE-2025-47504) , Jun 02, 2025