CVE-2024-22155
WordPress WooCommerce plugin <= 8.5.2 - Cross Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.5.2.
We have discovered 536,804 live websites that are affected by CVE-2024-22155.
Affected Software
| Product |  WooCommerce |
| Category | Ecommerce |
| Vulnerable Domains | 536,804 live websites (35.85% of WooCommerce install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 424 versions ( 87.97% of all versions) |
Common Weakness Enumeration
CWE-352 Cross-Site Request Forgery (CSRF)Details
- Published - Apr 7, 2024
- Updated - Feb 26, 2025
Credits
- Dhabaleshwar Das (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2024-22155 usage by Country
 United States | 156,454 websites |
 Germany | 53,217 websites |
 France | 35,632 websites |
 Russia | 22,478 websites |
 GB | 21,885 websites |
 Vietnam | 16,447 websites |
 Spain | 15,251 websites |
 Netherlands | 14,514 websites |
 Italy | 14,281 websites |
 Poland | 13,418 websites |
CVE-2024-22155 usage by TLD
| .com | 234,998 websites |
| .ru | 18,232 websites |
| .de | 15,509 websites |
| .co.uk | 15,306 websites |
| .org | 13,352 websites |
| .nl | 13,249 websites |
| .it | 12,178 websites |
| .fr | 10,896 websites |
| .pl | 10,785 websites |
| .com.au | 10,533 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-22155
Top websites that are affected by CVE-2024-22155. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.com | United States | *,*** | |
| ***********.com | United States | *,*** | |
| *****************.com | United States | *,*** | |
| *************.com | United States | *,*** | |
| **********.com | United States | *,*** | |
| **********.com |  Czech Republic | *,*** | |
| *********.com | United States | *,*** | |
| ************.ie | United States | *,*** | |
| *********.com | United States | *,*** | |
| **********.com | United States | *,*** |
FAQ
CVE-2024-22155 is Cross-Site Request Forgery (CSRF) in WooCommerce
A total of 536,804 websites have been identified as vulnerable to CVE-2024-22155, discovered through global website indexing conducted by WebTechSurvey.
WooCommerce is susceptible to CVE-2024-22155 vulnerability.
WooCommerce versions before, and including, 8.5.2 are vulnerable to CVE-2024-22155.