Vulnerability Description
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Multivendorx | Product Catalog Mode For Woocommerce | < 5.0.3 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1ExploitThird Party Advisory
- https://wpscan.com/vulnerability/b37b09c1-1b53-471c-9b10-7d2d05ae11f1ExploitThird Party Advisory
FAQ
What is CVE-2023-5348?
CVE-2023-5348 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
How severe is CVE-2023-5348?
CVE-2023-5348 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5348?
Check the references section above for vendor advisories and patch information. Affected products include: Multivendorx Product Catalog Mode For Woocommerce.