PickPlugins Product Slider for WooCommerce < 1.13.22 - Reflected Cross-Site Scripting (XSS)
CVE-2021-24300

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Pickplugins Product Slider For WooCommerce
Vendor
CVE Published:
24 May 2021

Summary

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue

Affected Version(s)

PickPlugins Product Slider for WooCommerce 1.13.22

References

https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

0xB9
.