
CVE-2023-0166 – PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0166
23 Jan 2023 — The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The PickPlugins Product Slider for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.13.41 du... • https://wpscan.com/vulnerability/f5d43062-4ef3-4dd1-b916-0127f0016f5c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-24300 – PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-24300
06 May 2021 — The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitise the keyword GET parameter, leading to a reflected Cross-Site Scripting issue. WordPress Product Slider for Woo... • https://packetstorm.news/files/id/165805 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')