CVE-2022-4661
CVE-2022-4661 affects the WordPress plugin Widgets for WooCommerce Products on Elementor (versions before 1.0.8). The issue is lack of validation/escaping of certain shortcode attributes, enabling Stored XSS via shortcodes when the attacker has contributor privileges or higher. The vulnerability ...