cbcvebase.

Pickplugins Product Slider For Woocommerce vulnerabilities

4 known vulnerabilities affecting pickplugins/product_slider_for_woocommerce.

Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2026-25455P2MEDIUMCVSS 6.5Exploited≤ 1.13.612026-03-25
CVE-2026-25455 [MEDIUM] CWE-862 CVE-2026-25455: Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-produc Missing Authorization vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.61.
nvd
CVE-2021-24300P3MEDIUMCVSS 6.1PoCfixed in 1.13.222021-05-24
CVE-2021-24300 [MEDIUM] CWE-79 CVE-2021-24300: The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue
nvd
CVE-2024-45459P4MEDIUMCVSS 6.1fixed in 1.13.51≤ 1.13.502024-09-15
CVE-2024-45459 [MEDIUM] CWE-79 CVE-2024-45459: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce woocommerce-products-slider allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through <= 1.13.50.
nvd
CVE-2023-0166P4MEDIUMCVSS 5.4fixed in 1.13.422023-02-13
CVE-2023-0166 [MEDIUM] CWE-79 CVE-2023-0166: The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate The Product Slider for WooCommerce by PickPlugins WordPress plugin before 1.13.42 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
Pickplugins Product Slider For Woocommerce vulnerabilities | cvebase