PickPlugins Product Slider for WooCommerce < 1.13.42 - Contributor+ Stored XSS
Description
Stored XSS in PickPlugins Product Slider for WooCommerce before 1.13.42 allows contributor+ users to inject arbitrary web scripts via unescaped shortcode attributes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Product Slider for WooCommerce by PickPlugins WordPress plugin versions before 1.13.42 does not validate and escape shortcode attributes before outputting them in a page or post where the shortcode is embedded. This vulnerability allows users with the contributor role and above to perform Stored Cross-Site Scripting (XSS) attacks [1].
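The escaping the advisory describes as missing, shown as an added illustration that is not the plugin's own code (the shortcode tag, attribute names and handler are hypothetical): every shortcode attribute is treated as untrusted author input and escaped for the exact HTML context it is written into.

```php
<?php
// Added illustration (hypothetical shortcode, not the plugin's code):
// a handler that treats every shortcode attribute as untrusted text and
// escapes it for the HTML sink it lands in before output.

add_shortcode( 'example_product_slider', 'example_product_slider_shortcode' );

function example_product_slider_shortcode( $atts ) {
    // Whitelist the attributes the shortcode understands and give defaults;
    // any other attribute the post author typed is discarded.
    $atts = shortcode_atts(
        array(
            'title'    => '',
            'per_page' => 10,
            'class'    => 'product-slider',
        ),
        $atts,
        'example_product_slider'
    );

    // Normalise each value to the type the markup expects.
    $per_page = absint( $atts['per_page'] );                          // integer only
    $class    = sanitize_html_class( $atts['class'], 'product-slider' ); // CSS class only

    // Use the escaping function that matches each sink:
    //   esc_attr() inside a quoted attribute value,
    //   esc_html() in element text.
    // The unsafe pattern behind this class of bug is concatenating
    // $atts['title'] into the markup without either call.
    $html  = '<div class="' . esc_attr( $class ) . '"';
    $html .= ' data-per-page="' . esc_attr( $per_page ) . '">';
    $html .= '<h2>' . esc_html( $atts['title'] ) . '</h2>';
    $html .= '</div>';

    return $html;
}
```

Shortcode attribute values survive the HTML filtering WordPress applies to content from users without unfiltered_html, because they are plain text at save time and only become markup when the handler renders them, so the handler's own escaping is the control that matters.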
Exploitation
An attacker must have at least contributor-level access to a WordPress site running the vulnerable plugin. They can embed the affected shortcode in a post or page and inject malicious JavaScript into the shortcode attributes. The payload is stored and executed when any user visits the compromised page [1].
Impact
Successful exploitation leads to Stored XSS, enabling the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can result in session hijacking, data theft, or defacement of the site. The attack does not require user interaction beyond visiting the affected page [1].
Mitigation
The vulnerability is fixed in version 1.13.42 of the plugin. Users should update to this version immediately. No workaround is provided for older versions [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- WordPress / Product Slider for WooCommerce by PickPlugins
  - Range: <1.13.42
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] wpscan.com/vulnerability/f5d43062-4ef3-4dd1-b916-0127f0016f5c (tags: mitre, exploit, vdb-entry, technical-description)
News mentions
No linked articles in our index yet.