The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NPickplugins Product Slider For Woocommerce
APPPickplugins< 1.13.42
Powiązane podatności
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlug...
The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.1...
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To...
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for Word...
The Post Grid plugin for WordPress is vulnerable to blind SQL Injection via post metadata in versions up to, a...