5 matches found
CVE-2022-4661
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
WordPress Woo Products Widgets For Elementor Plugin < 1.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Woo Products Widgets For Elementor Type Plugin Vulnerable versions 1.0.8 Fixed in 1.0.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4661 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1f3087ed1109 Credits...
CVE-2022-4661 Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2022-4661 Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored...
CVE-2022-4661
CVE-2022-4661 affects the WordPress plugin Widgets for WooCommerce Products on Elementor (versions before 1.0.8). The issue is lack of validation/escaping of certain shortcode attributes, enabling Stored XSS via shortcodes when the attacker has contributor privileges or higher. The vulnerability ...