The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
History
Fri, 29 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Logo Slider Wordpress; Logo Slider Wordpress logo Slider Wordpress | |
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress:*:*:*:*:*:*:*:* | |
Vendors & Products | Logo Slider Wordpress; Logo Slider Wordpress logo Slider Wordpress | |
Metrics | cvssV3_1 | |
Thu, 28 Nov 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. | |
Title | Logo Slider < 4.5.0 - Author+ Stored XSS | |
References | | |
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-28T06:00:05.185Z
Updated: 2024-11-29T15:50:32.875Z
Reserved: 2024-10-28T18:30:03.575Z
Link: CVE-2024-10473
Vulnrichment
Updated: 2024-11-29T15:50:08.179Z
NVD
Status: Awaiting Analysis
Published: 2024-11-28T06:15:07.697
Modified: 2024-11-29T16:15:08.390
Link: CVE-2024-10473
Redhat
No data.