vendor:
WordPress Plugin Product Slider for WooCommerce
by:
0xB9
6.1
CVSS
MEDIUM
Cross Site Scripting (XSS)
79
CWE
Product Name: WordPress Plugin Product Slider for WooCommerce
Affected Version From: 1.13.21
Affected Version To: 1.13.21
Patch Exists: YES
Related CWE: CVE-2021-24300
CPE: 2.3:a:wordpress:wordpress_plugin_product_slider_for_woocommerce:1.13.21
Tags: cve,cve2021,xss,wp,wordpress,wp-plugin,authenticated,wpscan
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 2, 'framework': 'wordpress', 'vendor': 'pickplugins', 'product': 'product_slider_for_woocommerce'}
Platforms Tested: Windows 10
2021
WordPress Plugin Product Slider for WooCommerce 1.13.21 – Cross Site Scripting (XSS)
This plugin is a easy carousel slider for WooCommerce products. The slider import search feature is vulnerable to reflected cross-site scripting.
Mitigation:
Upgrade to version 1.13.22 or later.
