Lucene search
WpvulndbWPVDB-ID:1D7BF2A9-DB58-42C5-A703-9768622D6B5AHistoryMay 24, 2023 - 12:00 a.m.
WooCommerce Product Vendors < 2.1.77 - Unauthenticated Reflected XSS
2023-05-2400:00:00
wpscan.com
7
woocommerce
product vendors
unauthenticated
reflected xss
high-privilege users
0.001 Low
EPSS
Percentile
19.7%
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.
| CPE | Name | Operator | Version |
|---|---|---|---|
| woocommerce-product-vendors | lt | 2.1.77 |
References
patchstack.com/database/vulnerability/woocommerce-product-vendors/wordpress-woocommerce-product-vendors-plugin-2-1-76-reflected-cross-site-scripting-xss-vulnerability
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woocommerce-product-vendors/woocommerce-product-vendors-2176-reflected-cross-site-scripting
Related
nvd
nvd
CVE-2023-33332
2023-05-28 19:15:09
wpvulndb
wpvulndb
WooCommerce Product Vendors < 2.1.77 - Reflected XSS
2023-06-21 00:00:00
cve
cve
CVE-2023-33332
2023-05-28 19:15:09
prion
prion
Cross site scripting
2023-05-28 19:15:00
cvelist
cvelist
wpexploit
wpexploit
WooCommerce Product Vendors < 2.1.77 - Reflected XSS
2023-06-21 00:00:00
wordfence
wordfence