CVE-2021-24300

MEDIUM NUCLEI

Pickplugins Product Slider For Woocommerce < 1.13.22 - XSS

Title source: rule

Description

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected Cross-Site Scripting issue

Exploits (1)

exploitdb WORKING POC

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/50704

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress WooCommerce <1.13.22 - Cross-Site Scripting

MEDIUMby cckuailong

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/5fbbc7ad-3f1a-48a1-b2eb-e57f153eb837

Scores

CVSS v3 6.1

EPSS 0.0340

EPSS Percentile 87.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

pickplugins/product_slider_for_woocommerce < 1.13.22

Published May 24, 2021

Tracked Since Feb 18, 2026