VDB
CVE-2023-5348
CVE-2023-5348
PUBLISHED
CVSS 6.099999904632568 MEDIUM
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
EPSS 0.64% · 70.8th percentile
Risk Scores
CVSS v3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.64%
70.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Unknown | Product Catalog Mode For WooCommerce | 0, 0, 0 |
| multivendorx | product_catalog_mode_for_woocommerce | 0, 0, 0 |
Timeline
- Dec 18, 2023 CVE Published
- Dec 19, 2023 EPSS Score
- Dec 21, 2023 PoC Published
- Jan 17, 2024 EPSS Score
- Mar 15, 2024 EPSS Score
- Apr 13, 2024 EPSS Score
- May 12, 2024 EPSS Score
- Jun 10, 2024 EPSS Score
- Aug 7, 2024 EPSS Score
- Sep 5, 2024 EPSS Score
- Oct 4, 2024 EPSS Score
- Oct 5, 2024 Coalition ESS Score