Shapedplugin

Product Slider For Woocommerce

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2024-3020

  • EPSS 1.18%
  • Veröffentlicht 10.04.2024 05:15:50
  • Zuletzt bearbeitet 21.11.2024 09:28:41

The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access ...

5.4

CVE-2023-0537

Exploit
  • EPSS 0.19%
  • Veröffentlicht 08.05.2023 14:15:11
  • Zuletzt bearbeitet 29.01.2025 15:15:11

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor...

5.4

CVE-2022-4629

Exploit
  • EPSS 0.2%
  • Veröffentlicht 23.01.2023 15:15:15
  • Zuletzt bearbeitet 02.04.2025 16:15:26

The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-...

4.3

CVE-2022-2382

Exploit
  • EPSS 0.1%
  • Veröffentlicht 22.08.2022 15:15:14
  • Zuletzt bearbeitet 21.11.2024 07:00:52

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delet...