CVE-2023-5348

Summary

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.

Affected Software

VendorProductVersion RangeStatus
UnknownProduct Catalog Mode For WooCommerce0 < 5.0.3affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References