CVE-2022-4655

Name of the Vulnerable Software and Affected Versions Welcart e-Commerce WordPress plugin versions prior to 2.8.9

Description The issue is related to the Welcart e-Commerce WordPress plugin, where it does not validate and escape one of its shortcode attributes. This could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack.

Recommendations For versions prior to 2.8.9, update to version 2.8.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute until a patch is available.