Approved changes feed: RSS · Atom

cpe:2.3:a:woo:product_vendors:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorWoo (417a6183-9b53-5ac5-a90a-f5305e120003)
ProductProduct Vendors (d74da43f-5778-5fac-b40e-cc8989e6d078)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/wp-premium/woocommerce-product-vendors purl2cpe 2026-06-01 10:16:57.568093

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-52186 vulnerable 2026-06-08 06:17:54.412231 WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
Published: 2024-06-11T09:23:17.152Z
Updated: 2026-04-28T16:09:05.884Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-35879 vulnerable 2026-06-08 06:06:28.037971 WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection
HIGH (7.6)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.78.
Published: 2023-10-31T14:20:22.918Z
Updated: 2026-04-28T16:08:29.899Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-33331 vulnerable 2026-06-08 06:06:22.336353 WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to SQL Injection
HIGH (8.5)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.This issue affects Product Vendors: from n/a through 2.1.76.
Published: 2023-12-18T22:39:43.019Z
Updated: 2026-04-28T16:08:26.261Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-20193 vulnerable 2026-06-08 05:09:23.462986 Product Vendors <= 2.0.35 - Reflected Cross Site Scripting
MEDIUM (4.7)
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Published: 2024-10-16T07:31:51.171Z
Updated: 2026-04-08T17:12:34.697Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.