CVE-2022-4791

Name of the Vulnerable Software and Affected Versions Product Slider and Carousel with Category for WooCommerce WordPress plugin versions prior to 2.8

Description The issue concerns a lack of validation and escaping of one of its shortcode attributes, potentially allowing users with a role as low as contributor to perform a Stored Cross-Site Scripting attack.

Recommendations For versions prior to 2.8, update to version 2.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute until a patch is available. Restrict access to users with low roles, such as contributors, to minimize the risk of exploitation.