WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting (XSS)

vendor:

WordPress Plugin Product Slider for WooCommerce

by:

0xB9

6.1

CVSS

MEDIUM

Cross Site Scripting (XSS)

CWE

Product Name: WordPress Plugin Product Slider for WooCommerce

Affected Version From: 1.13.21

Affected Version To: 1.13.21

Patch Exists: YES

Related CWE: CVE-2021-24300

CPE: 2.3:a:wordpress:wordpress_plugin_product_slider_for_woocommerce:1.13.21

Metasploit:

Other Scripts:

Tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated,wpscan

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Nuclei Metadata: {'max-request': 2, 'framework': 'wordpress', 'vendor': 'pickplugins', 'product': 'product_slider_for_woocommerce'}

Platforms Tested: Windows 10

2021

This plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.

Upgrade to version 1.13.22 or later.

Source