cleantalk
Vulnerabilities and Security Researches

Widgets for WooCommerce Products on Elementor, CVE-2022-4661

CVE, Research URL

CVE-2022-4661

Home page URL

Security reports for Widgets for WooCommerce Products on Elementor

Application

Widgets for WooCommerce Products on Elementor

Published on
Mar 13, 2023
Research Description
The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
Min -, max 1.0.8.
Status
vulnerable
Previous vulnerability researches
Widgets for WooCommerce Products on Elementor (CVE-2024-43271) , Aug 16, 2024
Widgets for WooCommerce Products on Elementor (CVE-2022-4661) , Jun 07, 2024
Widgets for WooCommerce Products on Elementor (00cc31a32724c453706e038aef15abaef0730a3d) , Jun 07, 2024
New vulnerability
WordPress Gallery Plugin – NextGEN Gallery (CVE-2024-5878) , May 21, 2025
Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin (CVE-2025-48247) , May 21, 2025
Qi Blocks (CVE-2025-1626) , May 21, 2025
Qi Blocks (CVE-2025-1625) , May 21, 2025
Qi Blocks (CVE-2025-1627) , May 21, 2025