Vulnerabilities > WOO > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2017-20193 Cross-site Scripting vulnerability in WOO Product Vendors
The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output escaping.
network
low complexity
woo CWE-79
6.1
6.1
2024-06-11 CVE-2023-52186 Unspecified vulnerability in WOO Product Vendors
Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.2.
network
low complexity
woo
5.3
5.3