CVE-2022-4791
Product Slider and Carousel with Category for WooCommerce < 2.8 - Contributor+ Stored XSS via Shortcode
The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Productos afectados
Unknown · Product Slider and Carousel with Category for WooCommerce¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →