CVE-2023-0166

Name of the Vulnerable Software and Affected Versions The Product Slider for WooCommerce by PickPlugins WordPress plugin versions prior to 1.13.42

Description The issue concerns a failure to validate and escape certain shortcode attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This occurs when the shortcode is embedded in a page or post and the attributes are outputted without proper validation and escaping.

Recommendations For versions prior to 1.13.42, update to version 1.13.42 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attributes until a patch is applied.