CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0537 – Product Slider For WooCommerce Lite <= 1.1.7 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0537
17 Apr 2023 — The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Product Slider For WooCommerce Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Meta Keys in versions up to, and including, 1.1.7 due to insufficient input sanitization ... • https://wpscan.com/vulnerability/d7369f1d-d1a0-4576-a676-c70525a6c743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0166 – PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0166
23 Jan 2023 — The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The PickPlugins Product Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.13.41 du... • https://wpscan.com/vulnerability/f5d43062-4ef3-4dd1-b916-0127f0016f5c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4629 – Product Slider for WooCommerce < 2.6.4 - Contributor+ Stored XSS in Shortcode
https://notcve.org/view.php?id=CVE-2022-4629
28 Dec 2022 — The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. El complemento Product Slider for WooCommerce WordPress anterior a 2.6.4 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a la página, lo que po... • https://wpscan.com/vulnerability/cf0a51f9-21d3-4ae8-b7d2-361921038fe8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2382 – Product Slider for WooCommerce < 2.5.7 - Subscriber+ Arbitrary Options Deletion
https://notcve.org/view.php?id=CVE-2022-2382
26 Jul 2022 — The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options. El plugin Product Slider for WooCommerce de WordPress versiones anteriores a 2.5.7, presenta comprobaciones de tipo CSRF fallidas y carece de autorización en algunas de sus acciones AJAX, lo que permite a cualquier usuario autenticado, ... • https://wpscan.com/vulnerability/777d4637-444b-4eda-bc21-95d3a3bf6cd3 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24300 – PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24300
06 May 2021 — The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue La funcionalidad slider import search del plugin PickPlugins Product Slider para WooCommerce WordPress versiones anteriores a 1.13.22 no saneaba apropiadamente el parámetro GET de la palabra clave, conllevando a un problema de tipo Cross-Site Scripting reflejado WordPress Product Slider for Woo... • https://www.exploit-db.com/exploits/50704 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •