3 matches found
CVE-2022-2382
The CVE-2022-2382 entry affects the WordPress plugin Product Slider for WooCommerce (versions before 2.5.7). The underlying issue is flawed CSRF checks and incomplete authorization in certain AJAX actions, enabling any authenticated user (e.g., a subscriber) to invoke those actions and, in at lea...
CVE-2022-4629
The CVE‑2022‑4629 entry concerns the WordPress plugin Product Slider for WooCommerce (versions prior to 2.6.4). The vulnerability arises from failure to validate and escape certain shortcode attributes, allowing a user with as little as a contributor role to trigger a stored XSS, potentially impa...
CVE-2023-0537
CVE-2023-0537 affects the WordPress plugin Product Slider For WooCommerce Lite (versions ≤ 1.1.7). The issue is stored cross-site scripting due to inadequate validation/escaping of shortcode attributes prior to output when the shortcode is embedded on a page, enabling attackers with contributor+ ...