CVE-2024-4564

Name of the Vulnerable Software and Affected Versions: CoDesigner WooCommerce Builder for Elementor plugin versions up to and including 4.4.1

Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the Shop Slider, Tabs Classic, and Image Comparison widgets. This allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page.

Recommendations: For CoDesigner WooCommerce Builder for Elementor plugin versions up to and including 4.4.1, update to a version that addresses the insufficient input sanitization and output escaping issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.