CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52186 – WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52186
29 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a WooCommerce Product Vendors: desde n/a hasta 2.2.2. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.2. This makes it possible for unauthentica... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-2-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51494 – WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51494
27 Dec 2023 — Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a los proveedores de productos WooCommerce: desde n/a hasta 2.2.1. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33332 – WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33332
24 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions. The WooCommerce Product Vendors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.76 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a ... • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-20193 – Product Vendors <= 2.0.35 - Reflected Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-20193
22 Aug 2017 — The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Product Vendors son vulnerables a Cross-Site Scripting Reflejado a través del parámetro 'vendor_descripti... • https://hackerone.com/reports/253313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •