WordPress · Wp Shopping Pages · CVE-2023-3492
**Name of the Vulnerable Software and Affected Versions**
WP Shopping Pages WordPress plugin versions 1.14 and earlier
**Description**
The issue is related to the lack of CSRF checks in some areas of the plugin, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack.
**Recommendations**
For WP Shopping Pages WordPress plugin versions 1.14 and earlier, update to a version that includes proper CSRF checks, sanitization, and escaping to prevent potential attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.