Search
Find a vulnerability
Search criteria
4 vulnerabilities found for product_catalog_mode_for_woocommerce by multivendorx
CVE-2024-25929 (GCVE-0-2024-25929)
Vulnerability from nvd – Published: 2024-06-09 10:30 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/woo… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MultiVendorX | Product Catalog Enquiry for WooCommerce by MultiVendorX |
Affected:
n/a , ≤ 5.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T14:13:59.529768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:14:03.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woocommerce-catalog-enquiry/wordpress-product-catalog-mode-for-woocommerce-plugin-5-0-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woocommerce-catalog-enquiry",
"product": "Product Catalog Enquiry for WooCommerce by MultiVendorX",
"vendor": "MultiVendorX",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.\u003cp\u003eThis issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.074Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/woocommerce-catalog-enquiry/wordpress-product-catalog-mode-for-woocommerce-plugin-5-0-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.0.6 or a higher version."
}
],
"value": "Update to 5.0.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Product Catalog Mode For Woocommerce plugin \u003c= 5.0.5 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-25929",
"datePublished": "2024-06-09T10:30:16.983Z",
"dateReserved": "2024-02-12T08:35:19.125Z",
"dateUpdated": "2026-04-28T16:09:14.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5348 (GCVE-0-2023-5348)
Vulnerability from nvd – Published: 2023-12-18 20:07 – Updated: 2024-08-02 07:52
VLAI
Title
Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update
Summary
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b37b09c1-1b53-47… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Product Catalog Mode For WooCommerce |
Affected:
0 , < 5.0.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Product Catalog Mode For WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c (CERT PL)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T20:07:59.959Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Product Catalog Enquiry for WooCommerce \u003c 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5348",
"datePublished": "2023-12-18T20:07:59.959Z",
"dateReserved": "2023-10-03T10:02:33.963Z",
"dateUpdated": "2024-08-02T07:52:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25929 (GCVE-0-2024-25929)
Vulnerability from cvelistv5 – Published: 2024-06-09 10:30 – Updated: 2026-04-28 16:09
VLAI
Title
WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability
Summary
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/vulnerability/woo… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MultiVendorX | Product Catalog Enquiry for WooCommerce by MultiVendorX |
Affected:
n/a , ≤ 5.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T14:13:59.529768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T14:14:03.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://patchstack.com/database/vulnerability/woocommerce-catalog-enquiry/wordpress-product-catalog-mode-for-woocommerce-plugin-5-0-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woocommerce-catalog-enquiry",
"product": "Product Catalog Enquiry for WooCommerce by MultiVendorX",
"vendor": "MultiVendorX",
"versions": [
{
"changes": [
{
"at": "5.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.0.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Abdi Pranata (Patchstack Alliance)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.\u003cp\u003eThis issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:09:14.074Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/vulnerability/woocommerce-catalog-enquiry/wordpress-product-catalog-mode-for-woocommerce-plugin-5-0-5-broken-access-control-vulnerability?_s_id=cve"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to 5.0.6 or a higher version."
}
],
"value": "Update to 5.0.6 or a higher version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Product Catalog Mode For Woocommerce plugin \u003c= 5.0.5 - Broken Access Control vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-25929",
"datePublished": "2024-06-09T10:30:16.983Z",
"dateReserved": "2024-02-12T08:35:19.125Z",
"dateUpdated": "2026-04-28T16:09:14.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5348 (GCVE-0-2023-5348)
Vulnerability from cvelistv5 – Published: 2023-12-18 20:07 – Updated: 2024-08-02 07:52
VLAI
Title
Product Catalog Enquiry for WooCommerce < 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update
Summary
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
Severity
No CVSS data available.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/b37b09c1-1b53-47… | exploitvdb-entrytechnical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Product Catalog Mode For WooCommerce |
Affected:
0 , < 5.0.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "Product Catalog Mode For WooCommerce",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.0.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c (CERT PL)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T20:07:59.959Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Product Catalog Enquiry for WooCommerce \u003c 5.0.3 - Unauthenticated Stored XSS via Arbitrary Setting Update",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5348",
"datePublished": "2023-12-18T20:07:59.959Z",
"dateReserved": "2023-10-03T10:02:33.963Z",
"dateUpdated": "2024-08-02T07:52:08.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}