CVE-2023-52222
WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF)Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.
We have discovered 296,051 live websites that are affected by CVE-2023-52222.
Affected Software
| Product |  WooCommerce |
| Category | Ecommerce |
| Vulnerable Domains | 296,051 live websites (23% of WooCommerce install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 330 versions ( 73% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Jan 8, 2024
- Updated - Jun 17, 2025
Credits
- Rafie Muhammad (Patchstack) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-52222 United States | 64,965 websites |
 Germany | 23,021 websites |
 France | 16,952 websites |
 Italy | 16,734 websites |
 Russia | 15,737 websites |
 GB | 13,307 websites |
 Vietnam | 9,989 websites |
 Spain | 9,700 websites |
 Netherlands | 8,251 websites |
 Poland | 7,563 websites |
Website Distribution by TLD
Number of websites using CVE-2023-52222| .com | 125,852 websites |
| .ru | 12,322 websites |
| .it | 11,304 websites |
| .de | 9,010 websites |
| .co.uk | 8,206 websites |
| .org | 7,019 websites |
| .nl | 6,815 websites |
| .fr | 6,185 websites |
| .pl | 5,603 websites |
| .net | 5,590 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-52222
Top websites that are affected by CVE-2023-52222. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| *****************.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| **********.com |  Czech Republic | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| *********.com | Netherlands | **,*** | |
| ***********.net | United States | **,*** | |
| ********.gr |  Greece | **,*** |
FAQ
CVE-2023-52222 is Cross-Site Request Forgery (CSRF) in WooCommerce
A total of 296,051 websites have been identified as vulnerable to CVE-2023-52222, based on global website indexing conducted by WebTechSurvey.
The WooCommerce is affected by the CVE-2023-52222 vulnerability.
WooCommerce versions up to and including 8.2.2 are vulnerable to CVE-2023-52222.