exploitDog

GHSA-3mxw-j4x8-9xp2

Опубликовано: 21 фев. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Ссылки

EPSS

Процентиль: 34%

0.00138

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-4791

CVSS3: 5.4

nvd

почти 3 года назад

The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

EPSS

Процентиль: 34%

0.00138

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79