3 matches found
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...
CVE-2023-48327
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n...
YITH WooCommerce Multi Vendor < 3.8.1 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in admin pages, leading to Reflected Cross-Site Scripting issues https://example.com/wp-admin/admin.php?page=yithvendorcommissions&message=error&text=alert/XSS/ fixed in 3.8.0 Below fixed in 3.8.1 alert/XSS/' /...