WooCommerce Product Vendors

Vulnerabilities 15Slug woocommerce-product-vendors

Minimum safe version

2.2.3

Update to 2.2.3 or later to address 15 fixable vulnerabilities

Medium 4.7

2024-10-16< 2.0.36

CVE-2017-20193

CVE

Medium 5.3

2024-12-27< 2.2.2

WordPress WooCommerce Product Vendors Plugin <= 2.2.1 is vulnerable to Broken Access Control

Patchstack CVE Wordfence WPScan

Medium 5.3

2024-12-29< 2.2.3

WordPress WooCommerce Product Vendors Plugin <= 2.2.2 is vulnerable to Broken Access Control

Patchstack CVE Wordfence WPScan

N/A

< 2.0.36

WooCommerce Product Vendors Plugin <= 2.0.27 - Unauthenticated Reflected XSS

WPScan

N/A

< 2.1.66

WooCommerce Products Vendor < 2.1.66 - Unauthenticated Blind SQLi

WPScan

N/A

< 2.1.66

WooCommerce Products Vendor < 2.1.66 - Note Creation via IDOR

WPScan

N/A

< 2.1.69

WooCommerce Product Vendors < 2.1.69 - Vendor Commission Percentage Update via IDOR

WPScan

N/A

2022-10-04< 2.1.66

WooCommerce Products Vendor <= 2.1.65 - Insecure Direct Object Reference to Note Creation

Wordfence

N/A

2022-10-04< 2.1.69

WooCommerce Products Vendor <= 2.1.68 - Insecure Direct Object Reference to Vendor Commission Percentage Update

Wordfence

N/A

2022-10-04< 2.1.66

WooCommerce Products Vendor <= 2.1.65 - Unauthenticated SQL Injection

Wordfence

High 7.6

2023-10-31< 2.1.79

CVE-2023-35879

CVE Patchstack Wordfence WPScan

High 8.5

2023-12-18< 2.1.77

CVE-2023-33331

CVE Patchstack Wordfence WPScan

High 7.1

2023-05-28< 2.1.77

CVE-2023-33332

CVE Patchstack Wordfence WPScan WPScan

N/A

2017-08-22< 2.0.36

Product Vendors <= 2.0.35 - Reflected Cross Site Scripting

Wordfence

N/A

2017-08-31< 2.0.37

WordPress WooCommerce Product Vendors plugin <=2.0.27 - Unauthenticated Reflected XSS vulnerability

Patchstack