CVE-2023-52186 – WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-52186
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a WooCommerce Product Vendors: desde n/a hasta 2.2.2. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-2-unauthenticated-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-51494 – WordPress WooCommerce Product Vendors plugin <= 2.2.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-51494
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. Vulnerabilidad de autorización faltante en Woo WooCommerce Product Vendors. Este problema afecta a los proveedores de productos WooCommerce: desde n/a hasta 2.2.1. The WooCommerce Product Vendors plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-2-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-33332 – WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-33332
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions. The WooCommerce Product Vendors plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.1.76 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •