Aggregates CVE and security vulnerability intelligence across all doofinder-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk csrf, and vendor risk open redirect; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-25596 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS.This issue affects Doofinder for WooCommerce: from n/a through 2.1.8. | [email protected] | 5.9 | 0.06% | 2024-03-15 | 2026-04-28 |
| CVE-2023-51678 | Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33. | [email protected] | 4.3 | 0.04% | 2024-01-05 | 2026-04-28 |
| CVE-2023-40602 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | [email protected] | 4.7 | 0.11% | 2023-12-19 | 2026-04-28 |
| CVE-2023-49185 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.1.7. | [email protected] | 7.1 | 0.19% | 2023-12-15 | 2026-04-28 |