The Product Slider and Carousel with Category for WooCommerce WordPress plugin before 2.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Product_slider_and_carousel_with_category_with_woocommerce | Essentialplugin | * | 2.8 (excluding) |