CVE Vulnerabilities

CVE-2022-4791

Published: Feb 21, 2023 | Modified: Mar 14, 2025
CVSS 3.x
5.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io minimus.io echohq.com

The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Affected Software

Name Vendor Start Version End Version
Product_slider_and_carousel_with_category_with_woocommerce Essentialplugin * 2.8 (excluding)

References