Aggregates CVE and security vulnerability intelligence across all woo-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2017-20193 | The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 4.7 | 0.38% | 2024-10-16 | 2024-10-30 |
| CVE-2023-52186 | Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2. | [email protected] | 5.3 | 0.31% | 2024-06-11 | 2024-11-21 |
| CVE-2023-33331 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76. | [email protected] | 8.5 | 0.93% | 2023-12-18 | 2026-04-28 |
| CVE-2023-35879 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78. | [email protected] | 7.6 | 0.58% | 2023-10-31 | 2026-04-28 |