CVE-2022-4661
Woo Products Widgets For Elementor < 1.0.8 - Contributor+ Stored XSS via Shortcode
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS —EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
13 mar 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Produtos afetados
Unknown · Widgets for WooCommerce Products on ElementorQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →