WordPress Slickstream plugin <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via slick-grid Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via slick-grid Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin Slickstream versions = 1.4.4...

PT-2024-16093 · WordPress · Slickstream

Name of the Vulnerable Software and Affected Versions: Slickstream: Engagement and Conversions plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's slick-grid shortcode due to insufficient input sanitization an...