WooCommerce

LAB ONLY | AUTHORIZED TARGETS ONLY | 自动生成索引

系统 ID: woocommerce
分类: ecommerce
覆盖策略: history-full
总案例数: 111
近 30 天新增/更新: 0
重点 Markdown 案例数: 0
已实证(真实版本): 0
已实证(synthetic): 0
阻塞数: 0
待人工/缺浏览器证据: 111
最近渲染时间: 2026-04-02T09:18:51+00:00

目标约束

适用目标类型: lab-local, lab-public, authorized-third-party
是否允许公网验证: yes, but ownership or authorization is required
授权前提: 资产归属可证明，或已取得书面/明确授权。
最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
禁止场景: 无归属证明或无明确授权的公网目标；知名公共网站或与测试无关的第三方资产；会造成持久破坏、数据越权下载或不可回滚影响的动作

来源

official Woo Developer Advisories (mode=core)
official GitHub WooCommerce Advisories (mode=core)
official NVD WooCommerce (keyword=WooCommerce; mode=core)
ecosystem-authority OSV WooCommerce (mode=core)
ecosystem-authority Patchstack Database (mode=extension)
ecosystem-authority Wordfence Vulnerability Database (mode=extension)

案例列表

标题	严重度	案例状态	实证状态	实证方式	来源置信度	更新时间	案例页
CVE-2019-18834	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:33:40.530`	-
CVE-2019-20891	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:39:37.827`	-
CVE-2020-11727	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:58:29.603`	-
CVE-2020-8819	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T05:39:30.133`	-
CVE-2014-4558	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T02:10:26.603`	-
CVE-2019-18668	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:33:29.677`	-
CVE-2019-14979	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:27:48.810`	-
CVE-2019-14978	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:27:48.663`	-
CVE-2017-18592	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:20:28.627`	-
CVE-2016-10935	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T02:45:06.817`	-
CVE-2019-15092	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:28:02.440`	-
CVE-2016-10923	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T02:45:05.073`	-
CVE-2016-10922	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T02:45:04.920`	-
CVE-2018-20966	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:02:35.007`	-
CVE-2019-14948	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:27:44.950`	-
CVE-2017-18506	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:20:16.597`	-
CVE-2019-14796	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:27:22.400`	-
CVE-2019-14774	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:27:19.310`	-
CVE-2019-1010124	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:17:58.953`	-
CVE-2019-5979	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:45:50.723`	-
CVE-2019-11807	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:21:48.027`	-
CVE-2019-7441	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:48:14.587`	-
CVE-2019-9168	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:51:07.733`	-
CVE-2018-20782	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:02:09.783`	-
CVE-2018-20714	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:02:00.963`	-
CVE-2017-18356	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:19:55.073`	-
CVE-2018-11525	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:43:32.763`	-
CVE-2018-11486	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:43:27.857`	-
CVE-2018-11485	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:43:27.710`	-
CVE-2018-11579	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T03:43:39.363`	-
CVE-2018-8711	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:14:10.983`	-
CVE-2018-8710	`critical`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:14:10.840`	-
CVE-2015-2329	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T02:27:13.723`	-
CVE-2018-5316	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2024-11-21T04:08:34.753`	-
CVE-2017-17058	`high`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-20T01:37:25.860`	-
CVE-2016-10112	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-12T10:46:40.837`	-
CVE-2015-5065	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-12T10:46:40.837`	-
CVE-2015-2069	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-12T10:46:40.837`	-
CVE-2014-6313	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-12T10:46:40.837`	-
CVE-2014-4549	`medium`	`triage`	`triage-manual`	`synthetic`	`official`	`2025-04-12T10:46:40.837`	-
woocommerce	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Second parameter of woocommerce_get_breadcrumb may be null for Core Breadcrumbs block in WooCommerce 10.6	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
HPOS sync on read to be disabled by default in WooCommerce 10.7	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Join the Community Slack	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Booster for WooCommerce < 7.11.3 Broken Access Control vulnerability	`unknown`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	``	-
WooCommerce 10.6.1: Dot Release	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Policy	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Call for Testing: WooCommerce Order Fulfillments	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Join us for our “Building Ecommerce Community” Live Event	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Pull requests
369	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
See all Release Posts	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.6: What’s coming for developers	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Subscriptions for WooCommerce <= 1.9.2 Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation vulnerability	`unknown`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	``	-
AI & Agentic Commerce in WooCommerce	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Actions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Contribute to WooCommerce	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
How AI and Automation are Improving the Woo Release Process	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Projects	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.4.3: Dot Release	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Become a Woo agency partner	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5: What’s coming for developers	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce Meetups	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Events	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Skip to content	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Product images are now lazy-loaded by default in WooCommerce 10.6	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WowStore <= 4.4.3 WordPress WowStore - Store Builder & Product Blocks for WooCommerce plugin <= 4.4.3 - Unauthenticated SQL Injection via 'search' Parameter vulnerability	`unknown`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	``	-
Sign up	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Release Calendar	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Improving WooCommerce Performance at Scale	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5 Release is Delayed	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Star
10.2k	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Newsletter	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
See all Roadmap Insights	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Contact Us	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.6: Enhanced blocks and a faster dashboard	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Issues
2.6k	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
What we’re doing to get the Woo Block Theme ready for you	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Get started	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Call for testing: Experimental REST API Caching in WooCommerce 10.5	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Experimental Product Object Caching in WooCommerce 10.5	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Become a Marketplace partner	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Restricting per_page for Product and ProductReview Store API Requests in WooCommerce 10.6	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
March Office Hours: Testing, testing	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Discussions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Wiki	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Sign in	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5.3: Dot release	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
woocommerce	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Insights	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Do not sell or share my personal information	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Mailchimp API Maintenance on February 28, 2026	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Community Forum	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
XSS Vulnerability in WooCommerce checkout & registration forms	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5.1: Dot Release	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Call for Testing: WooCommerce MCP Beta	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5: Improving analytics and admin performance	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Security
2	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Store API Vulnerability Patched in WooCommerce 5.4+ – What You Need To Know	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Release Posts	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
GitHub Discussions	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
About	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Status	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
See all Developer Advisories	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
See all posts	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce 10.5.2: Dot Release	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Understanding the Interactivity API-driven future for WooCommerce Blocks	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
WooCommerce	`unknown`	`triage`	`triage-manual`	`synthetic`	`ecosystem-authority`	``	-
WooCommerce Block Theme: An update on our strategy	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Join the Woo community on Slack	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-
Release downloads	`unknown`	`triage`	`triage-manual`	`synthetic`	`official`	``	-

15 KiB 原始文件 Blame 文件历史

WooCommerce

目标约束

来源

案例列表

15 KiB

原始文件 Blame 文件历史