CVE-2022-4791
Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · Product Slider and Carousel with Category for WooCommerceWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →