Lucene search

K
wpvulndbWpvulndbWPVDB-ID:1D7BF2A9-DB58-42C5-A703-9768622D6B5A
HistoryMay 24, 2023 - 12:00 a.m.

WooCommerce Product Vendors < 2.1.77 - Unauthenticated Reflected XSS

2023-05-2400:00:00
wpscan.com
7
woocommerce
product vendors
unauthenticated
reflected xss
high-privilege users

0.001 Low

EPSS

Percentile

19.7%

The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

CPENameOperatorVersion
woocommerce-product-vendorslt2.1.77

0.001 Low

EPSS

Percentile

19.7%

Related for WPVDB-ID:1D7BF2A9-DB58-42C5-A703-9768622D6B5A